openstack/sunbeam-charms
Code Issues Proposed changes

Initial cut

Browse Source
This commit is contained in:
Liam Young 2022-05-10 11:02:14 +01:00
commit 97fdda7095
32 changed files with 4107 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
charms/horizon-k8s/.flake8 Normal file
View File

@ -0,0 +1,9 @@
[flake8]
max-line-length = 99
select: E,W,F,C,N
exclude:
venv
.git
build
dist
*.egg_info

8
charms/horizon-k8s/.gitignore vendored Normal file
View File

@ -0,0 +1,8 @@
venv/
build/
*.charm
.tox
.coverage
__pycache__/
*.py[cod]
.stestr/

3
charms/horizon-k8s/.jujuignore Normal file
View File

@ -0,0 +1,3 @@
/venv
*.py[cod]
*.charm

3
charms/horizon-k8s/.stestr.conf Normal file
View File

@ -0,0 +1,3 @@
[DEFAULT]
test_path=./unit_tests
top_dir=./

202
charms/horizon-k8s/LICENSE Normal file
View File

@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

24
charms/horizon-k8s/README.md Normal file
View File

@ -0,0 +1,24 @@
# sunbeam-openstack-dashboard-operator
## Description
TODO: Describe your charm in a few paragraphs of Markdown
## Usage
TODO: Provide high-level usage, such as required config or relations
## Relations
TODO: Provide any relations which are provided or required by your charm
## OCI Images
TODO: Include a link to the default image your charm uses
## Contributing
Please see the [Juju SDK docs](https://juju.is/docs/sdk) for guidelines
on enhancements to this charm following best practice guidelines, and
`CONTRIBUTING.md` for developer guidance.

2
charms/horizon-k8s/actions.yaml Normal file
View File

@ -0,0 +1,2 @@
# NOTE: no actions yet!
{ }

17
charms/horizon-k8s/charmcraft.yaml Normal file
View File

@ -0,0 +1,17 @@
type: "charm"
bases:
- build-on:
- name: "ubuntu"
channel: "20.04"
run-on:
- name: "ubuntu"
channel: "20.04"
parts:
charm:
build-packages:
- git
- libffi-dev
- libssl-dev
charm-python-packages:
- setuptools < 58
- cryptography < 3.4

210
charms/horizon-k8s/config.yaml Normal file
View File

@ -0,0 +1,210 @@
options:
debug:
default: False
description: Enable debug logging.
type: boolean
os-admin-hostname:
default: glance.juju
description: |
The hostname or address of the admin endpoints that should be advertised
in the glance image provider.
type: string
os-internal-hostname:
default: glance.juju
description: |
The hostname or address of the internal endpoints that should be advertised
in the glance image provider.
type: string
os-public-hostname:
default: glance.juju
description: |
The hostname or address of the internal endpoints that should be advertised
in the glance image provider.
type: string
region:
default: RegionOne
description: Space delimited list of OpenStack regions
type: string
session-timeout:
type: int
default: 3600
description:
A method to supersede the token timeout with a shorter dashboard session
timeout in seconds. For example, if your token expires in 60 minutes, a
value of 1800 will log users out after 30 minutes.
default-role:
type: string
default: "member"
description: |
Default role for Horizon operations that will be created in
Keystone upon introduction of an identity-service relation.
default-domain:
type: string
default:
description: |
Default domain when authenticating with Horizon. Disables the domain
field in the login page.
secret:
type: string
default:
description: |
Secret for Horizon to use when securing internal data; set this when
using multiple dashboard units.
dropdown-max-items:
type: int
default: 30
description: |
Max dropdown items to show in dropdown controls.
NOTE: This setting is supported >= OpenStack Liberty.
profile:
type: string
default:
description: Default profile for the dashboard. Eg. cisco.
disable-instance-snapshot:
type: boolean
default: False
description: |
This setting disables Snapshots as a valid boot source for launching
instances. Snapshots sources wont show up in the Launch Instance modal
dialogue box. This option works from the Newton release, and has no
effect on earlier OpenStack releases.
neutron-network-dvr:
type: boolean
default: False
description: |
Enable Neutron distributed virtual router (DVR) feature in the
Router panel.
neutron-network-l3ha:
type: boolean
default: False
description: |
Enable HA (High Availability) mode in Neutron virtual router in
the Router panel.
cinder-backup:
type: boolean
default: False
description: Enable cinder backup panel.
password-retrieve:
type: boolean
default: False
description: Enable "Retrieve password" instance action.
customization-module:
type: string
default: ""
description: |
This option provides a means to enable customisation modules to modify
existing dashboards and panels.
allow-password-autocompletion:
type: boolean
default: False
description: |
Setting this to True will allow password form autocompletion by browser.
default-create-volume:
type: boolean
default: True
description: |
The default value for the option of creating a new volume in the
workflow for image and instance snapshot sources when launching an
instance. This option has an effect only to Ocata or newer
releases.
hide-create-volume:
type: boolean
default: False
description: |
Hide the "Create New Volume" option and rely on the
default-create-volume value during instance creation.
image-formats:
type: string
default: ""
description: |
The image-formats setting can be used to alter the default list of
advertised image formats. Many installations cannot use all the formats
that Glance recognizes, restricting the list here prevents unwanted
formats from being listed in Horizon which can lead to confusion.
.
This setting takes a space separated list, for example: iso qcow2 raw
.
Supported formats are: aki, ami, ari, docker, iso, ova, qcow2, raw, vdi,
vhd, vmdk.
.
If not provided, leave the option unconfigured which enables all of the
above.
api-result-limit:
type: int
default:
description: |
The maximum number of objects (e.g. Swift objects or Glance images) to
display on a single page before providing a paging element (a "more" link)
to paginate results.
enable-fip-topology-check:
type: boolean
default: true
description:
By default Horizon checks that a project has a router attached to an
external network before allowing FIPs to be attached to a VM. Some use
cases will not meet this constraint, e.g. if the router is owned by a
different project. Setting this to False removes this check from Horizon.
enable-consistency-groups:
type: boolean
default: false
description: |
By default Cinder does not enable the Consistency Groups feature. To
avoid having the Consistency Groups tabs on Horizon without the feature
enabled on Cinder, this also defaults to False. Setting this to True
will make the Consistency Groups tabs appear on the dashboard.
.
This option is supported for releases up to OpenStack Stein only. As of
OpenStack Train, consistency groups have been dropped and replaced by
the generic group feature. Setting this option for OpenStack Train or
above will not do anything.
disable-password-reveal:
type: boolean
default: false
description: |
If enabled, the reveal button for passwords is removed.
enforce-password-check:
type: boolean
default: True
description: |
If True, displays an Admin Password field on the Change Password form
to verify that it is indeed the admin logged-in who wants to change the password.
site-name:
type: string
default: ''
description: |
An unique site name for OpenStack deployment to be passed via the
application-dashboard relation
site-branding:
type: string
default:
description: |
A brand name to be shown in the HTML title. The default value is
"OpenStack Dashboard", e.g. "Instance Overview - OpenStack Dashboard"
site-branding-link:
type: string
default:
description: |
A custom hyperlink when the logo in the dashboard is clicked, e.g.
https://mycloud.example.com/. The default value is
"horizon:user_home" to open the top level of the dashboard.
help-url:
type: string
default:
description: |
A custom hyperlink for the "Help" menu, e.g.
https://mycloud.example.com/help. The default value is
https://docs.openstack.org/
create-instance-flavor-sort-key:
type: string
default:
description: |
This option can be used to customise the order instances are sorted in.
Support values include: id, name, ram, disk, and vcpus.
See https://docs.openstack.org/horizon/latest/configuration/settings.html#create-instance-flavor-sort
for more details.
create-instance-flavor-sort-reverse:
type: boolean
default: False
description: |
This option can be used to set the instance sorting to either ascending or descending.
Set True to sort in ascending order or False for descending order.

227
charms/horizon-k8s/lib/charms/nginx_ingress_integrator/v0/ingress.py Normal file
View File

@ -0,0 +1,227 @@
"""Library for the ingress relation.
This library contains the Requires and Provides classes for handling
the ingress interface.
Import `IngressRequires` in your charm, with two required options:
- "self" (the charm itself)
- config_dict
`config_dict` accepts the following keys:
- service-hostname (required)
- service-name (required)
- service-port (required)
- additional-hostnames
- limit-rps
- limit-whitelist
- max-body-size
- owasp-modsecurity-crs
- path-routes
- retry-errors
- rewrite-enabled
- rewrite-target
- service-namespace
- session-cookie-max-age
- tls-secret-name
See [the config section](https://charmhub.io/nginx-ingress-integrator/configure) for descriptions
of each, along with the required type.
As an example, add the following to `src/charm.py`:
```
from charms.nginx_ingress_integrator.v0.ingress import IngressRequires
# In your charm's `__init__` method.
self.ingress = IngressRequires(self, {"service-hostname": self.config["external_hostname"],
"service-name": self.app.name,
"service-port": 80})
# In your charm's `config-changed` handler.
self.ingress.update_config({"service-hostname": self.config["external_hostname"]})
```
And then add the following to `metadata.yaml`:
```
requires:
ingress:
interface: ingress
```
You _must_ register the IngressRequires class as part of the `__init__` method
rather than, for instance, a config-changed event handler. This is because
doing so won't get the current relation changed event, because it wasn't
registered to handle the event (because it wasn't created in `__init__` when
the event was fired).
"""
import logging
from ops.charm import CharmEvents
from ops.framework import EventBase, EventSource, Object
from ops.model import BlockedStatus
# The unique Charmhub library identifier, never change it
LIBID = "db0af4367506491c91663468fb5caa4c"
# Increment this major API version when introducing breaking changes
LIBAPI = 0
# Increment this PATCH version before using `charmcraft publish-lib` or reset
# to 0 if you are raising the major API version
LIBPATCH = 10
logger = logging.getLogger(__name__)
REQUIRED_INGRESS_RELATION_FIELDS = {
"service-hostname",
"service-name",
"service-port",
}
OPTIONAL_INGRESS_RELATION_FIELDS = {
"additional-hostnames",
"limit-rps",
"limit-whitelist",
"max-body-size",
"owasp-modsecurity-crs",
"path-routes",
"retry-errors",
"rewrite-target",
"rewrite-enabled",
"service-namespace",
"session-cookie-max-age",
"tls-secret-name",
}
class IngressAvailableEvent(EventBase):
pass
class IngressBrokenEvent(EventBase):
pass
class IngressCharmEvents(CharmEvents):
"""Custom charm events."""
ingress_available = EventSource(IngressAvailableEvent)
ingress_broken = EventSource(IngressBrokenEvent)
class IngressRequires(Object):
"""This class defines the functionality for the 'requires' side of the 'ingress' relation.
Hook events observed:
- relation-changed
"""
def __init__(self, charm, config_dict):
super().__init__(charm, "ingress")
self.framework.observe(charm.on["ingress"].relation_changed, self._on_relation_changed)
self.config_dict = config_dict
def _config_dict_errors(self, update_only=False):
"""Check our config dict for errors."""
blocked_message = "Error in ingress relation, check `juju debug-log`"
unknown = [
x
for x in self.config_dict
if x not in REQUIRED_INGRESS_RELATION_FIELDS | OPTIONAL_INGRESS_RELATION_FIELDS
]
if unknown:
logger.error(
"Ingress relation error, unknown key(s) in config dictionary found: %s",
", ".join(unknown),
)
self.model.unit.status = BlockedStatus(blocked_message)
return True
if not update_only:
missing = [x for x in REQUIRED_INGRESS_RELATION_FIELDS if x not in self.config_dict]
if missing:
logger.error(
"Ingress relation error, missing required key(s) in config dictionary: %s",
", ".join(sorted(missing)),
)
self.model.unit.status = BlockedStatus(blocked_message)
return True
return False
def _on_relation_changed(self, event):
"""Handle the relation-changed event."""
# `self.unit` isn't available here, so use `self.model.unit`.
if self.model.unit.is_leader():
if self._config_dict_errors():
return
for key in self.config_dict:
event.relation.data[self.model.app][key] = str(self.config_dict[key])
def update_config(self, config_dict):
"""Allow for updates to relation."""
if self.model.unit.is_leader():
self.config_dict = config_dict
if self._config_dict_errors(update_only=True):
return
relation = self.model.get_relation("ingress")
if relation:
for key in self.config_dict:
relation.data[self.model.app][key] = str(self.config_dict[key])
class IngressProvides(Object):
"""This class defines the functionality for the 'provides' side of the 'ingress' relation.
Hook events observed:
- relation-changed
"""
def __init__(self, charm):
super().__init__(charm, "ingress")
# Observe the relation-changed hook event and bind
# self.on_relation_changed() to handle the event.
self.framework.observe(charm.on["ingress"].relation_changed, self._on_relation_changed)
self.framework.observe(charm.on["ingress"].relation_broken, self._on_relation_broken)
self.charm = charm
def _on_relation_changed(self, event):
"""Handle a change to the ingress relation.
Confirm we have the fields we expect to receive."""
# `self.unit` isn't available here, so use `self.model.unit`.
if not self.model.unit.is_leader():
return
ingress_data = {
field: event.relation.data[event.app].get(field)
for field in REQUIRED_INGRESS_RELATION_FIELDS | OPTIONAL_INGRESS_RELATION_FIELDS
}
missing_fields = sorted(
[
field
for field in REQUIRED_INGRESS_RELATION_FIELDS
if ingress_data.get(field) is None
]
)
if missing_fields:
logger.error(
"Missing required data fields for ingress relation: {}".format(
", ".join(missing_fields)
)
)
self.model.unit.status = BlockedStatus(
"Missing fields for ingress: {}".format(", ".join(missing_fields))
)
# Create an event that our charm can use to decide it's okay to
# configure the ingress.
self.charm.on.ingress_available.emit()
def _on_relation_broken(self, _):
"""Handle a relation-broken event in the ingress relation."""
if not self.model.unit.is_leader():
return
# Create an event that our charm can use to remove the ingress resource.
self.charm.on.ingress_broken.emit()

280
charms/horizon-k8s/lib/charms/observability_libs/v0/kubernetes_service_patch.py Normal file
View File

@ -0,0 +1,280 @@
# Copyright 2021 Canonical Ltd.
# See LICENSE file for licensing details.
"""# KubernetesServicePatch Library.
This library is designed to enable developers to more simply patch the Kubernetes Service created
by Juju during the deployment of a sidecar charm. When sidecar charms are deployed, Juju creates a
service named after the application in the namespace (named after the Juju model). This service by
default contains a "placeholder" port, which is 65536/TCP.
When modifying the default set of resources managed by Juju, one must consider the lifecycle of the
charm. In this case, any modifications to the default service (created during deployment), will
be overwritten during a charm upgrade.
When initialised, this library binds a handler to the parent charm's `install` and `upgrade_charm`
events which applies the patch to the cluster. This should ensure that the service ports are
correct throughout the charm's life.
The constructor simply takes a reference to the parent charm, and a list of tuples that each define
a port for the service, where each tuple contains:
- a name for the port
- port for the service to listen on
- optionally: a targetPort for the service (the port in the container!)
- optionally: a nodePort for the service (for NodePort or LoadBalancer services only!)
- optionally: a name of the service (in case service name needs to be patched as well)
## Getting Started
To get started using the library, you just need to fetch the library using `charmcraft`. **Note
that you also need to add `lightkube` and `lightkube-models` to your charm's `requirements.txt`.**
```shell
cd some-charm
charmcraft fetch-lib charms.observability_libs.v0.kubernetes_service_patch
echo <<-EOF >> requirements.txt
lightkube
lightkube-models
EOF
```
Then, to initialise the library:
For ClusterIP services:
```python
# ...
from charms.observability_libs.v0.kubernetes_service_patch import KubernetesServicePatch
class SomeCharm(CharmBase):
def __init__(self, *args):
# ...
self.service_patcher = KubernetesServicePatch(self, [(f"{self.app.name}", 8080)])
# ...
```
For LoadBalancer/NodePort services:
```python
# ...
from charms.observability_libs.v0.kubernetes_service_patch import KubernetesServicePatch
class SomeCharm(CharmBase):
def __init__(self, *args):
# ...
self.service_patcher = KubernetesServicePatch(
self, [(f"{self.app.name}", 443, 443, 30666)], "LoadBalancer"
)
# ...
```
Additionally, you may wish to use mocks in your charm's unit testing to ensure that the library
does not try to make any API calls, or open any files during testing that are unlikely to be
present, and could break your tests. The easiest way to do this is during your test `setUp`:
```python
# ...
@patch("charm.KubernetesServicePatch", lambda x, y: None)
def setUp(self, *unused):
self.harness = Harness(SomeCharm)
# ...
```
"""
import logging
from types import MethodType
from typing import Literal, Sequence, Tuple, Union
from lightkube import ApiError, Client
from lightkube.models.core_v1 import ServicePort, ServiceSpec
from lightkube.models.meta_v1 import ObjectMeta
from lightkube.resources.core_v1 import Service
from lightkube.types import PatchType
from ops.charm import CharmBase
from ops.framework import Object
logger = logging.getLogger(__name__)
# The unique Charmhub library identifier, never change it
LIBID = "0042f86d0a874435adef581806cddbbb"
# Increment this major API version when introducing breaking changes
LIBAPI = 0
# Increment this PATCH version before using `charmcraft publish-lib` or reset
# to 0 if you are raising the major API version
LIBPATCH = 6
PortDefinition = Union[Tuple[str, int], Tuple[str, int, int], Tuple[str, int, int, int]]
ServiceType = Literal["ClusterIP", "LoadBalancer"]
class KubernetesServicePatch(Object):
"""A utility for patching the Kubernetes service set up by Juju."""
def __init__(
self,
charm: CharmBase,
ports: Sequence[PortDefinition],
service_name: str = None,
service_type: ServiceType = "ClusterIP",
additional_labels: dict = None,
additional_selectors: dict = None,
additional_annotations: dict = None,
):
"""Constructor for KubernetesServicePatch.
Args:
charm: the charm that is instantiating the library.
ports: a list of tuples (name, port, targetPort, nodePort) for every service port.
service_name: allows setting custom name to the patched service. If none given,
application name will be used.
service_type: desired type of K8s service. Default value is in line with ServiceSpec's
default value.
additional_labels: Labels to be added to the kubernetes service (by default only
"app.kubernetes.io/name" is set to the service name)
additional_selectors: Selectors to be added to the kubernetes service (by default only
"app.kubernetes.io/name" is set to the service name)
additional_annotations: Annotations to be added to the kubernetes service.
"""
super().__init__(charm, "kubernetes-service-patch")
self.charm = charm
self.service_name = service_name if service_name else self._app
self.service = self._service_object(
ports,
service_name,
service_type,
additional_labels,
additional_selectors,
additional_annotations,
)
# Make mypy type checking happy that self._patch is a method
assert isinstance(self._patch, MethodType)
# Ensure this patch is applied during the 'install' and 'upgrade-charm' events
self.framework.observe(charm.on.install, self._patch)
self.framework.observe(charm.on.upgrade_charm, self._patch)
def _service_object(
self,
ports: Sequence[PortDefinition],
service_name: str = None,
service_type: ServiceType = "ClusterIP",
additional_labels: dict = None,
additional_selectors: dict = None,
additional_annotations: dict = None,
) -> Service:
"""Creates a valid Service representation.
Args:
ports: a list of tuples of the form (name, port) or (name, port, targetPort)
or (name, port, targetPort, nodePort) for every service port. If the 'targetPort'
is omitted, it is assumed to be equal to 'port', with the exception of NodePort
and LoadBalancer services, where all port numbers have to be specified.
service_name: allows setting custom name to the patched service. If none given,
application name will be used.
service_type: desired type of K8s service. Default value is in line with ServiceSpec's
default value.
additional_labels: Labels to be added to the kubernetes service (by default only
"app.kubernetes.io/name" is set to the service name)
additional_selectors: Selectors to be added to the kubernetes service (by default only
"app.kubernetes.io/name" is set to the service name)
additional_annotations: Annotations to be added to the kubernetes service.
Returns:
Service: A valid representation of a Kubernetes Service with the correct ports.
"""
if not service_name:
service_name = self._app
labels = {"app.kubernetes.io/name": self._app}
if additional_labels:
labels.update(additional_labels)
selector = {"app.kubernetes.io/name": self._app}
if additional_selectors:
selector.update(additional_selectors)
return Service(
apiVersion="v1",
kind="Service",
metadata=ObjectMeta(
namespace=self._namespace,
name=service_name,
labels=labels,
annotations=additional_annotations, # type: ignore[arg-type]
),
spec=ServiceSpec(
selector=selector,
ports=[
ServicePort(
name=p[0],
port=p[1],
targetPort=p[2] if len(p) > 2 else p[1], # type: ignore[misc]
nodePort=p[3] if len(p) > 3 else None, # type: ignore[arg-type, misc]
)
for p in ports
],
type=service_type,
),
)
def _patch(self, _) -> None:
"""Patch the Kubernetes service created by Juju to map the correct port.
Raises:
PatchFailed: if patching fails due to lack of permissions, or otherwise.
"""
if not self.charm.unit.is_leader():
return
client = Client()
try:
if self.service_name != self._app:
self._delete_and_create_service(client)
client.patch(Service, self.service_name, self.service, patch_type=PatchType.MERGE)
except ApiError as e:
if e.status.code == 403:
logger.error("Kubernetes service patch failed: `juju trust` this application.")
else:
logger.error("Kubernetes service patch failed: %s", str(e))
else:
logger.info("Kubernetes service '%s' patched successfully", self._app)
def _delete_and_create_service(self, client: Client):
service = client.get(Service, self._app, namespace=self._namespace)
service.metadata.name = self.service_name # type: ignore[attr-defined]
service.metadata.resourceVersion = service.metadata.uid = None # type: ignore[attr-defined] # noqa: E501
client.delete(Service, self._app, namespace=self._namespace)
client.create(service)
def is_patched(self) -> bool:
"""Reports if the service patch has been applied.
Returns:
bool: A boolean indicating if the service patch has been applied.
"""
client = Client()
# Get the relevant service from the cluster
service = client.get(Service, name=self.service_name, namespace=self._namespace)
# Construct a list of expected ports, should the patch be applied
expected_ports = [(p.port, p.targetPort) for p in self.service.spec.ports]
# Construct a list in the same manner, using the fetched service
fetched_ports = [(p.port, p.targetPort) for p in service.spec.ports] # type: ignore[attr-defined] # noqa: E501
return expected_ports == fetched_ports
@property
def _app(self) -> str:
"""Name of the current Juju application.
Returns:
str: A string containing the name of the current Juju application.
"""
return self.charm.app.name
@property
def _namespace(self) -> str:
"""The Kubernetes namespace we're running in.
Returns:
str: A string containing the name of the current Kubernetes namespace.
"""
with open("/var/run/secrets/kubernetes.io/serviceaccount/namespace", "r") as f:
return f.read().strip()

419
charms/horizon-k8s/lib/charms/sunbeam_keystone_operator/v0/cloud_credentials.py Normal file
View File

@ -0,0 +1,419 @@
"""IdentityServiceProvides and Requires module.
This library contains the Requires and Provides classes for handling
the identity_service interface.
Import `IdentityServiceRequires` in your charm, with the charm object and the
relation name:
- self
- "identity_service"
Also provide additional parameters to the charm object:
- service
- internal_url
- public_url
- admin_url
- region
- username
- vhost
Two events are also available to respond to:
- connected
- ready
- goneaway
A basic example showing the usage of this relation follows:
```
from charms.sunbeam_sunbeam_identity_service_operator.v0.identity_service import IdentityServiceRequires
class IdentityServiceClientCharm(CharmBase):
def __init__(self, *args):
super().__init__(*args)
# IdentityService Requires
self.identity_service = IdentityServiceRequires(
self, "identity_service",
service = "my-service"
internal_url = "http://internal-url"
public_url = "http://public-url"
admin_url = "http://admin-url"
region = "region"
)
self.framework.observe(
self.identity_service.on.connected, self._on_identity_service_connected)
self.framework.observe(
self.identity_service.on.ready, self._on_identity_service_ready)
self.framework.observe(
self.identity_service.on.goneaway, self._on_identity_service_goneaway)
def _on_identity_service_connected(self, event):
'''React to the IdentityService connected event.
This event happens when n IdentityService relation is added to the
model before credentials etc have been provided.
'''
# Do something before the relation is complete
pass
def _on_identity_service_ready(self, event):
'''React to the IdentityService ready event.
The IdentityService interface will use the provided config for the
request to the identity server.
'''
# IdentityService Relation is ready. Do something with the completed relation.
pass
def _on_identity_service_goneaway(self, event):
'''React to the IdentityService goneaway event.
This event happens when an IdentityService relation is removed.
'''
# IdentityService Relation has goneaway. shutdown services or suchlike
pass
```
"""
# The unique Charmhub library identifier, never change it
LIBID = "deadbeef"
# Increment this major API version when introducing breaking changes
LIBAPI = 0
# Increment this PATCH version before using `charmcraft publish-lib` or reset
# to 0 if you are raising the major API version
LIBPATCH = 1
import json
import logging
import requests
from ops.framework import (
StoredState,
EventBase,
ObjectEvents,
EventSource,
Object,
)
from ops.model import Relation
from typing import List
logger = logging.getLogger(__name__)
class CloudCredentialsConnectedEvent(EventBase):
"""CloudCredentials connected Event."""
pass
class CloudCredentialsReadyEvent(EventBase):
"""CloudCredentials ready for use Event."""
pass
class CloudCredentialsGoneAwayEvent(EventBase):
"""CloudCredentials relation has gone-away Event"""
pass
class CloudCredentialsServerEvents(ObjectEvents):
"""Events class for `on`"""
connected = EventSource(CloudCredentialsConnectedEvent)
ready = EventSource(CloudCredentialsReadyEvent)
goneaway = EventSource(CloudCredentialsGoneAwayEvent)
class CloudCredentialsRequires(Object):
"""
CloudCredentialsRequires class
"""
on = CloudCredentialsServerEvents()
_stored = StoredState()
def __init__(self, charm, relation_name: str):
super().__init__(charm, relation_name)
self.charm = charm
self.relation_name = relation_name
self.framework.observe(
self.charm.on[relation_name].relation_joined,
self._on_cloud_credentials_relation_joined,
)
self.framework.observe(
self.charm.on[relation_name].relation_changed,
self._on_cloud_credentials_relation_changed,
)
self.framework.observe(
self.charm.on[relation_name].relation_departed,
self._on_cloud_credentials_relation_changed,
)
self.framework.observe(
self.charm.on[relation_name].relation_broken,
self._on_cloud_credentials_relation_broken,
)
def _on_cloud_credentials_relation_joined(self, event):
"""CloudCredentials relation joined."""
logging.debug("CloudCredentials on_joined")
self.on.connected.emit()
self.request_credentials()
def _on_cloud_credentials_relation_changed(self, event):
"""CloudCredentials relation changed."""
logging.debug("CloudCredentials on_changed")
try:
self.on.ready.emit()
except AttributeError:
logger.exception('Error when emitting event')
def _on_cloud_credentials_relation_broken(self, event):
"""CloudCredentials relation broken."""
logging.debug("CloudCredentials on_broken")
self.on.goneaway.emit()
@property
def _cloud_credentials_rel(self) -> Relation:
"""The CloudCredentials relation."""
return self.framework.model.get_relation(self.relation_name)
def get_remote_app_data(self, key: str) -> str:
"""Return the value for the given key from remote app data."""
data = self._cloud_credentials_rel.data[self._cloud_credentials_rel.app]
return data.get(key)
@property
def api_version(self) -> str:
"""Return the api_version."""
return self.get_remote_app_data('api-version')
@property
def auth_host(self) -> str:
"""Return the auth_host."""
return self.get_remote_app_data('auth-host')
@property
def auth_port(self) -> str:
"""Return the auth_port."""
return self.get_remote_app_data('auth-port')
@property
def auth_protocol(self) -> str:
"""Return the auth_protocol."""
return self.get_remote_app_data('auth-protocol')
@property
def internal_host(self) -> str:
"""Return the internal_host."""
return self.get_remote_app_data('internal-host')
@property
def internal_port(self) -> str:
"""Return the internal_port."""
return self.get_remote_app_data('internal-port')
@property
def internal_protocol(self) -> str:
"""Return the internal_protocol."""
return self.get_remote_app_data('internal-protocol')
@property
def username(self) -> str:
"""Return the username."""
return self.get_remote_app_data('username')
@property
def password(self) -> str:
"""Return the password."""
return self.get_remote_app_data('password')
@property
def project_name(self) -> str:
"""Return the project name."""
return self.get_remote_app_data('project-name')
@property
def project_id(self) -> str:
"""Return the project id."""
return self.get_remote_app_data('project-id')
@property
def user_domain_name(self) -> str:
"""Return the name of the user domain."""
return self.get_remote_app_data('user-domain-name')
@property
def user_domain_id(self) -> str:
"""Return the id of the user domain."""
return self.get_remote_app_data('user-domain-id')
@property
def project_domain_name(self) -> str:
"""Return the name of the project domain."""
return self.get_remote_app_data('project-domain-name')
@property
def project_domain_id(self) -> str:
"""Return the id of the project domain."""
return self.get_remote_app_data('project-domain-id')
@property
def region(self) -> str:
"""Return the region for the auth urls."""
return self.get_remote_app_data('region')
def request_credentials(self) -> None:
"""Request credentials from the CloudCredentials server."""
if self.model.unit.is_leader():
logging.debug(f'Requesting credentials for {self.charm.app.name}')
app_data = self._cloud_credentials_rel.data[self.charm.app]
app_data['username'] = self.charm.app.name
class HasCloudCredentialsClientsEvent(EventBase):
"""Has CloudCredentialsClients Event."""
pass
class ReadyCloudCredentialsClientsEvent(EventBase):
"""CloudCredentialsClients Ready Event."""
def __init__(self, handle, relation_id, relation_name, username):
super().__init__(handle)
self.relation_id = relation_id
self.relation_name = relation_name
self.username = username
def snapshot(self):
return {
"relation_id": self.relation_id,
"relation_name": self.relation_name,
"username": self.username,
}
def restore(self, snapshot):
super().restore(snapshot)
self.relation_id = snapshot["relation_id"]
self.relation_name = snapshot["relation_name"]
self.username = snapshot["username"]
class CloudCredentialsClientsGoneAwayEvent(EventBase):
"""Has CloudCredentialsClientsGoneAwayEvent Event."""
pass
class CloudCredentialsClientEvents(ObjectEvents):
"""Events class for `on`"""
has_cloud_credentials_clients = EventSource(
HasCloudCredentialsClientsEvent
)
ready_cloud_credentials_clients = EventSource(
ReadyCloudCredentialsClientsEvent
)
cloud_credentials_clients_gone = EventSource(
CloudCredentialsClientsGoneAwayEvent
)
class CloudCredentialsProvides(Object):
"""
CloudCredentialsProvides class
"""
on = CloudCredentialsClientEvents()
_stored = StoredState()
def __init__(self, charm, relation_name):
super().__init__(charm, relation_name)
self.charm = charm
self.relation_name = relation_name
self.framework.observe(
self.charm.on[relation_name].relation_joined,
self._on_cloud_credentials_relation_joined,
)
self.framework.observe(
self.charm.on[relation_name].relation_changed,
self._on_cloud_credentials_relation_changed,
)
self.framework.observe(
self.charm.on[relation_name].relation_broken,
self._on_cloud_credentials_relation_broken,
)
def _on_cloud_credentials_relation_joined(self, event):
"""Handle CloudCredentials joined."""
logging.debug("CloudCredentialsProvides on_joined")
self.on.has_cloud_credentials_clients.emit()
def _on_cloud_credentials_relation_changed(self, event):
"""Handle CloudCredentials changed."""
logging.debug("CloudCredentials on_changed")
REQUIRED_KEYS = ['username']
values = [
event.relation.data[event.relation.app].get(k)
for k in REQUIRED_KEYS
]
# Validate data on the relation
if all(values):
username = event.relation.data[event.relation.app]['username']
self.on.ready_cloud_credentials_clients.emit(
event.relation.id,
event.relation.name,
username,
)
def _on_cloud_credentials_relation_broken(self, event):
"""Handle CloudCredentials broken."""
logging.debug("CloudCredentialsProvides on_departed")
self.on.cloud_credentials_clients_gone.emit()
def set_cloud_credentials(self, relation_name: int,
relation_id: str,
api_version: str,
auth_host: str,
auth_port: str,
auth_protocol: str,
internal_host: str,
internal_port: str,
internal_protocol: str,
username: str,
password: str,
project_name: str,
project_id: str,
user_domain_name: str,
user_domain_id: str,
project_domain_name: str,
project_domain_id: str,
region: str):
logging.debug("Setting cloud_credentials connection information.")
for relation in self.framework.model.relations[relation_name]:
if relation.id == relation_id:
_cloud_credentials_rel = relation
app_data = _cloud_credentials_rel.data[self.charm.app]
app_data["api-version"] = api_version
app_data["auth-host"] = auth_host
app_data["auth-port"] = str(auth_port)
app_data["auth-protocol"] = auth_protocol
app_data["internal-host"] = internal_host
app_data["internal-port"] = str(internal_port)
app_data["internal-protocol"] = internal_protocol
app_data["username"] = username
app_data["password"] = password
app_data["project-name"] = project_name
app_data["project-id"] = project_id
app_data["user-domain-name"] = user_domain_name
app_data["user-domain-id"] = user_domain_id
app_data["project-domain-name"] = project_domain_name
app_data["project-domain-id"] = project_domain_id
app_data["region"] = region

470
charms/horizon-k8s/lib/charms/sunbeam_keystone_operator/v0/identity_service.py Normal file
View File

@ -0,0 +1,470 @@
"""IdentityServiceProvides and Requires module.
This library contains the Requires and Provides classes for handling
the identity_service interface.
Import `IdentityServiceRequires` in your charm, with the charm object and the
relation name:
- self
- "identity_service"
Also provide additional parameters to the charm object:
- service
- internal_url
- public_url
- admin_url
- region
- username
- vhost
Two events are also available to respond to:
- connected
- ready
- goneaway
A basic example showing the usage of this relation follows:
```
from charms.sunbeam_sunbeam_identity_service_operator.v0.identity_service import IdentityServiceRequires
class IdentityServiceClientCharm(CharmBase):
def __init__(self, *args):
super().__init__(*args)
# IdentityService Requires
self.identity_service = IdentityServiceRequires(
self, "identity_service",
service = "my-service"
internal_url = "http://internal-url"
public_url = "http://public-url"
admin_url = "http://admin-url"
region = "region"
)
self.framework.observe(
self.identity_service.on.connected, self._on_identity_service_connected)
self.framework.observe(
self.identity_service.on.ready, self._on_identity_service_ready)
self.framework.observe(
self.identity_service.on.goneaway, self._on_identity_service_goneaway)
def _on_identity_service_connected(self, event):
'''React to the IdentityService connected event.
This event happens when n IdentityService relation is added to the
model before credentials etc have been provided.
'''
# Do something before the relation is complete
pass
def _on_identity_service_ready(self, event):
'''React to the IdentityService ready event.
The IdentityService interface will use the provided config for the
request to the identity server.
'''
# IdentityService Relation is ready. Do something with the completed relation.
pass
def _on_identity_service_goneaway(self, event):
'''React to the IdentityService goneaway event.
This event happens when an IdentityService relation is removed.
'''
# IdentityService Relation has goneaway. shutdown services or suchlike
pass
```
"""
# The unique Charmhub library identifier, never change it
LIBID = "6a7cb19b98314ecf916e3fcb02708608"
# Increment this major API version when introducing breaking changes
LIBAPI = 0
# Increment this PATCH version before using `charmcraft publish-lib` or reset
# to 0 if you are raising the major API version
LIBPATCH = 1
import json
import logging
import requests
from ops.framework import (
StoredState,
EventBase,
ObjectEvents,
EventSource,
Object,
)
from ops.model import Relation
from typing import List
logger = logging.getLogger(__name__)
class IdentityServiceConnectedEvent(EventBase):
"""IdentityService connected Event."""
pass
class IdentityServiceReadyEvent(EventBase):
"""IdentityService ready for use Event."""
pass
class IdentityServiceGoneAwayEvent(EventBase):
"""IdentityService relation has gone-away Event"""
pass
class IdentityServiceServerEvents(ObjectEvents):
"""Events class for `on`"""
connected = EventSource(IdentityServiceConnectedEvent)
ready = EventSource(IdentityServiceReadyEvent)
goneaway = EventSource(IdentityServiceGoneAwayEvent)
class IdentityServiceRequires(Object):
"""
IdentityServiceRequires class
"""
on = IdentityServiceServerEvents()
_stored = StoredState()
def __init__(self, charm, relation_name: str, service_endpoints: dict,
region: str):
super().__init__(charm, relation_name)
self.charm = charm
self.relation_name = relation_name
self.service_endpoints = service_endpoints
self.region = region
self.framework.observe(
self.charm.on[relation_name].relation_joined,
self._on_identity_service_relation_joined,
)
self.framework.observe(
self.charm.on[relation_name].relation_changed,
self._on_identity_service_relation_changed,
)
self.framework.observe(
self.charm.on[relation_name].relation_departed,
self._on_identity_service_relation_changed,
)
self.framework.observe(
self.charm.on[relation_name].relation_broken,
self._on_identity_service_relation_broken,
)
def _on_identity_service_relation_joined(self, event):
"""IdentityService relation joined."""
logging.debug("IdentityService on_joined")
self.on.connected.emit()
self.register_services(
self.service_endpoints,
self.region)
def _on_identity_service_relation_changed(self, event):
"""IdentityService relation changed."""
logging.debug("IdentityService on_changed")
try:
self.service_password
self.on.ready.emit()
except AttributeError:
pass
def _on_identity_service_relation_broken(self, event):
"""IdentityService relation broken."""
logging.debug("IdentityService on_broken")
self.on.goneaway.emit()
@property
def _identity_service_rel(self) -> Relation:
"""The IdentityService relation."""
return self.framework.model.get_relation(self.relation_name)
def get_remote_app_data(self, key: str) -> str:
"""Return the value for the given key from remote app data."""
data = self._identity_service_rel.data[self._identity_service_rel.app]
return data.get(key)
@property
def api_version(self) -> str:
"""Return the api_version."""
return self.get_remote_app_data('api-version')
@property
def auth_host(self) -> str:
"""Return the auth_host."""
return self.get_remote_app_data('auth-host')
@property
def auth_port(self) -> str:
"""Return the auth_port."""
return self.get_remote_app_data('auth-port')
@property
def auth_protocol(self) -> str:
"""Return the auth_protocol."""
return self.get_remote_app_data('auth-protocol')
@property
def internal_host(self) -> str:
"""Return the internal_host."""
return self.get_remote_app_data('internal-host')
@property
def internal_port(self) -> str:
"""Return the internal_port."""
return self.get_remote_app_data('internal-port')
@property
def internal_protocol(self) -> str:
"""Return the internal_protocol."""
return self.get_remote_app_data('internal-protocol')
@property
def admin_domain_name(self) -> str:
"""Return the admin_domain_name."""
return self.get_remote_app_data('admin-domain-name')
@property
def admin_domain_id(self) -> str:
"""Return the admin_domain_id."""
return self.get_remote_app_data('admin-domain-id')
@property
def admin_project_name(self) -> str:
"""Return the admin_project_name."""
return self.get_remote_app_data('admin-project-name')
@property
def admin_project_id(self) -> str:
"""Return the admin_project_id."""
return self.get_remote_app_data('admin-project-id')
@property
def admin_user_name(self) -> str:
"""Return the admin_user_name."""
return self.get_remote_app_data('admin-user-name')
@property
def admin_user_id(self) -> str:
"""Return the admin_user_id."""
return self.get_remote_app_data('admin-user-id')
@property
def service_domain_name(self) -> str:
"""Return the service_domain_name."""
return self.get_remote_app_data('service-domain-name')
@property
def service_domain_id(self) -> str:
"""Return the service_domain_id."""
return self.get_remote_app_data('service-domain-id')
@property
def service_host(self) -> str:
"""Return the service_host."""
return self.get_remote_app_data('service-host')
@property
def service_password(self) -> str:
"""Return the service_password."""
return self.get_remote_app_data('service-password')
@property
def service_port(self) -> str:
"""Return the service_port."""
return self.get_remote_app_data('service-port')
@property
def service_protocol(self) -> str:
"""Return the service_protocol."""
return self.get_remote_app_data('service-protocol')
@property
def service_project_name(self) -> str:
"""Return the service_project_name."""
return self.get_remote_app_data('service-project-name')
@property
def service_project_id(self) -> str:
"""Return the service_project_id."""
return self.get_remote_app_data('service-project-id')
@property
def service_user_name(self) -> str:
"""Return the service_user_name."""
return self.get_remote_app_data('service-user-name')
@property
def service_user_id(self) -> str:
"""Return the service_user_id."""
return self.get_remote_app_data('service-user-id')
def register_services(self, service_endpoints: dict,
region: str) -> None:
"""Request access to the IdentityService server."""
if self.model.unit.is_leader():
logging.debug("Requesting service registration")
app_data = self._identity_service_rel.data[self.charm.app]
app_data["service-endpoints"] = json.dumps(service_endpoints)
app_data["region"] = region
class HasIdentityServiceClientsEvent(EventBase):
"""Has IdentityServiceClients Event."""
pass
class ReadyIdentityServiceClientsEvent(EventBase):
"""IdentityServiceClients Ready Event."""
def __init__(self, handle, relation_id, relation_name, service_endpoints,
region, client_app_name):
super().__init__(handle)
self.relation_id = relation_id
self.relation_name = relation_name
self.service_endpoints = service_endpoints
self.region = region
self.client_app_name = client_app_name
def snapshot(self):
return {
"relation_id": self.relation_id,
"relation_name": self.relation_name,
"service_endpoints": self.service_endpoints,
"client_app_name": self.client_app_name,
"region": self.region}
def restore(self, snapshot):
super().restore(snapshot)
self.relation_id = snapshot["relation_id"]
self.relation_name = snapshot["relation_name"]
self.service_endpoints = snapshot["service_endpoints"]
self.region = snapshot["region"]
self.client_app_name = snapshot["client_app_name"]
class IdentityServiceClientEvents(ObjectEvents):
"""Events class for `on`"""
has_identity_service_clients = EventSource(HasIdentityServiceClientsEvent)
ready_identity_service_clients = EventSource(ReadyIdentityServiceClientsEvent)
class IdentityServiceProvides(Object):
"""
IdentityServiceProvides class
"""
on = IdentityServiceClientEvents()
_stored = StoredState()
def __init__(self, charm, relation_name):
super().__init__(charm, relation_name)
self.charm = charm
self.relation_name = relation_name
self.framework.observe(
self.charm.on[relation_name].relation_joined,
self._on_identity_service_relation_joined,
)
self.framework.observe(
self.charm.on[relation_name].relation_changed,
self._on_identity_service_relation_changed,
)
self.framework.observe(
self.charm.on[relation_name].relation_broken,
self._on_identity_service_relation_broken,
)
def _on_identity_service_relation_joined(self, event):
"""Handle IdentityService joined."""
logging.debug("IdentityService on_joined")
self.on.has_identity_service_clients.emit()
def _on_identity_service_relation_changed(self, event):
"""Handle IdentityService changed."""
logging.debug("IdentityService on_changed")
REQUIRED_KEYS = [
'service-endpoints',
'region']
values = [
event.relation.data[event.relation.app].get(k)
for k in REQUIRED_KEYS ]
# Validate data on the relation
if all(values):
print(event.relation.id)
print(event.relation.name)
service_eps = json.loads(
event.relation.data[event.relation.app]['service-endpoints'])
self.on.ready_identity_service_clients.emit(
event.relation.id,
event.relation.name,
service_eps,
event.relation.data[event.relation.app]['region'],
event.relation.app.name)
def _on_identity_service_relation_broken(self, event):
"""Handle IdentityService broken."""
logging.debug("IdentityServiceProvides on_departed")
# TODO clear data on the relation
def set_identity_service_credentials(self, relation_name: int,
relation_id: str,
api_version: str,
auth_host: str,
auth_port: str,
auth_protocol: str,
internal_host: str,
internal_port: str,
internal_protocol: str,
service_host: str,
service_port: str,
service_protocol: str,
admin_domain: str,
admin_project: str,
admin_user: str,
service_domain: str,
service_password: str,
service_project: str,
service_user: str):
logging.debug("Setting identity_service connection information.")
for relation in self.framework.model.relations[relation_name]:
if relation.id == relation_id:
_identity_service_rel = relation
app_data = _identity_service_rel.data[self.charm.app]
app_data["api-version"] = api_version
app_data["auth-host"] = auth_host
app_data["auth-port"] = str(auth_port)
app_data["auth-protocol"] = auth_protocol
app_data["internal-host"] = internal_host
app_data["internal-port"] = str(internal_port)
app_data["internal-protocol"] = internal_protocol
app_data["service-host"] = service_host
app_data["service-port"] = str(service_port)
app_data["service-protocol"] = service_protocol
app_data["admin-domain-name"] = admin_domain.name
app_data["admin-domain-id"] = admin_domain.id
app_data["admin-project-name"] = admin_project.name
app_data["admin-project-id"] = admin_project.id
app_data["admin-user-name"] = admin_user.name
app_data["admin-user-id"] = admin_user.id
app_data["service-domain-name"] = service_domain.name
app_data["service-domain-id"] = service_domain.id
app_data["service-project-name"] = service_project.name
app_data["service-project-id"] = service_project.id
app_data["service-user-name"] = service_user.name
app_data["service-user-id"] = service_user.id
app_data["service-password"] = service_password

164
charms/horizon-k8s/lib/charms/sunbeam_mysql_k8s/v0/mysql.py Normal file
View File

@ -0,0 +1,164 @@
"""
## Overview
This document explains how to integrate with the MySQL charm for the purposes of consuming a mysql database. It also explains how alternative implementations of the MySQL charm may maintain the same interface and be backward compatible with all currently integrated charms. Finally this document is the authoritative reference on the structure of relation data that is shared between MySQL charms and any other charm that intends to use the database.
## Consumer Library Usage
The MySQL charm library uses the [Provider and Consumer](https://ops.readthedocs.io/en/latest/#module-ops.relation) objects from the Operator Framework. Charms that would like to use a MySQL database must use the `MySQLConsumer` object from the charm library. Using the `MySQLConsumer` object requires instantiating it, typically in the constructor of your charm. The `MySQLConsumer` constructor requires the name of the relation over which a database will be used. This relation must use the `mysql_datastore` interface. In addition the constructor also requires a `consumes` specification, which is a dictionary with key `mysql` (also see Provider Library Usage below) and a value that represents the minimum acceptable version of MySQL. This version string can be in any format that is compatible with the Python [Semantic Version module](https://pypi.org/project/semantic-version/). For example, assuming your charm consumes a database over a rlation named "monitoring", you may instantiate `MySQLConsumer` as follows:
from charms.mysql_k8s.v0.mysql import MySQLConsumer
def __init__(self, *args):
super().__init__(*args)
...
self.mysql_consumer = MySQLConsumer(
self, "monitoring", {"mysql": ">=8"}
)
...
This example hard codes the consumes dictionary argument containing the minimal MySQL version required, however you may want to consider generating this dictionary by some other means, such as a `self.consumes` property in your charm. This is because the minimum required MySQL version may change when you upgrade your charm. Of course it is expected that you will keep this version string updated as you develop newer releases of your charm. If the version string can be determined at run time by inspecting the actual deployed version of your charmed application, this would be ideal.
An instantiated `MySQLConsumer` object may be used to request new databases using the `new_database()` method. This method requires no arguments unless you require multiple databases. If multiple databases are requested, you must provide a unique `name_suffix` argument. For example:
def _on_database_relation_joined(self, event):
self.mysql_consumer.new_database(name_suffix="db1")
self.mysql_consumer.new_database(name_suffix="db2")
The `address`, `port`, `databases`, and `credentials` methods can all be called
to get the relevant information from the relation data.
"""
# !/usr/bin/env python3
# Copyright 2021 Canonical Ltd.
# See LICENSE file for licensing details.
import json
import uuid
import logging
from ops.framework import (
StoredState,
EventBase,
ObjectEvents,
EventSource,
Object,
)
# The unique Charmhub library identifier, never change it
LIBID = "1fdc567d7095465990dc1f9be80461fd"
# Increment this major API version when introducing breaking changes
LIBAPI = 0
# Increment this PATCH version before using `charmcraft publish-lib` or reset
# to 0 if you are raising the major API version
LIBPATCH = 2
logger = logging.getLogger(__name__)
class DatabaseConnectedEvent(EventBase):
"""Database connected Event."""
pass
class DatabaseReadyEvent(EventBase):
"""Database ready for use Event."""
pass
class DatabaseGoneAwayEvent(EventBase):
"""Database relation has gone-away Event"""
pass
class DatabaseServerEvents(ObjectEvents):
"""Events class for `on`"""
connected = EventSource(DatabaseConnectedEvent)
ready = EventSource(DatabaseReadyEvent)
goneaway = EventSource(DatabaseGoneAwayEvent)
class MySQLConsumer(Object):
"""
MySQLConsumer lib class
"""
on = DatabaseServerEvents()
def __init__(self, charm, relation_name: str, databases: list):
super().__init__(charm, relation_name)
self.charm = charm
self.relation_name = relation_name
self.request_databases = databases
self.framework.observe(
self.charm.on[relation_name].relation_joined,
self._on_database_relation_joined,
)
def _on_database_relation_joined(self, event):
"""AMQP relation joined."""
logging.debug("DatabaseRequires on_joined")
self.on.connected.emit()
self.request_access(self.request_databases)
def databases(self, rel_id=None) -> list:
"""
List of currently available databases
Returns:
list: list of database names
"""
rel = self.framework.model.get_relation(self.relation_name, rel_id)
relation_data = rel.data[rel.app]
dbs = relation_data.get("databases")
databases = json.loads(dbs) if dbs else []
return databases
def credentials(self, rel_id=None) -> dict:
"""
Dictionary of credential information to access databases
Returns:
dict: dictionary of credential information including username,
password and address
"""
rel = self.framework.model.get_relation(self.relation_name, rel_id)
relation_data = rel.data[rel.app]
data = relation_data.get("data")
data = json.loads(data) if data else {}
credentials = data.get("credentials")
return credentials
def new_database(self, rel_id=None, name_suffix=""):
"""
Request creation of an additional database
"""
if not self.charm.unit.is_leader():
return
rel = self.framework.model.get_relation(self.relation_name, rel_id)
if name_suffix:
name_suffix = "_{}".format(name_suffix)
rid = str(uuid.uuid4()).split("-")[-1]
db_name = "db_{}_{}_{}".format(rel.id, rid, name_suffix)
logger.debug("CLIENT REQUEST %s", db_name)
rel_data = rel.data[self.charm.app]
dbs = rel_data.get("databases")
dbs = json.loads(dbs) if dbs else []
dbs.append(db_name)
rel.data[self.charm.app]["databases"] = json.dumps(dbs)
def request_access(self, databases: list) -> None:
"""Request access to the AMQP server."""
if self.model.unit.is_leader():
logging.debug("Requesting AMQP user and vhost")
if databases:
rel = self.framework.model.get_relation(self.relation_name)
rel.data[self.charm.app]["databases"] = json.dumps(databases)

289
charms/horizon-k8s/lib/charms/sunbeam_rabbitmq_operator/v0/amqp.py Normal file
View File

@ -0,0 +1,289 @@
"""AMQPProvides and Requires module.
This library contains the Requires and Provides classes for handling
the amqp interface.
Import `AMQPRequires` in your charm, with the charm object and the
relation name:
- self
- "amqp"
Also provide two additional parameters to the charm object:
- username
- vhost
Two events are also available to respond to:
- connected
- ready
- goneaway
A basic example showing the usage of this relation follows:
```
from charms.sunbeam_rabbitmq_operator.v0.amqp import AMQPRequires
class AMQPClientCharm(CharmBase):
def __init__(self, *args):
super().__init__(*args)
# AMQP Requires
self.amqp = AMQPRequires(
self, "amqp",
username="myusername",
vhost="vhostname"
)
self.framework.observe(
self.amqp.on.connected, self._on_amqp_connected)
self.framework.observe(
self.amqp.on.ready, self._on_amqp_ready)
self.framework.observe(
self.amqp.on.goneaway, self._on_amqp_goneaway)
def _on_amqp_connected(self, event):
'''React to the AMQP connected event.
This event happens when n AMQP relation is added to the
model before credentials etc have been provided.
'''
# Do something before the relation is complete
pass
def _on_amqp_ready(self, event):
'''React to the AMQP ready event.
The AMQP interface will use the provided username and vhost for the
request to the rabbitmq server.
'''
# AMQP Relation is ready. Do something with the completed relation.
pass
def _on_amqp_goneaway(self, event):
'''React to the AMQP goneaway event.
This event happens when an AMQP relation is removed.
'''
# AMQP Relation has goneaway. shutdown services or suchlike
pass
```
"""
# The unique Charmhub library identifier, never change it
LIBID = "ab1414b6baf044f099caf9c117f1a101"
# Increment this major API version when introducing breaking changes
LIBAPI = 0
# Increment this PATCH version before using `charmcraft publish-lib` or reset
# to 0 if you are raising the major API version
LIBPATCH = 4
import logging
from ops.framework import (
StoredState,
EventBase,
ObjectEvents,
EventSource,
Object,
)
from ops.model import Relation
from typing import List
logger = logging.getLogger(__name__)
class AMQPConnectedEvent(EventBase):
"""AMQP connected Event."""
pass
class AMQPReadyEvent(EventBase):
"""AMQP ready for use Event."""
pass
class AMQPGoneAwayEvent(EventBase):
"""AMQP relation has gone-away Event"""
pass
class AMQPServerEvents(ObjectEvents):
"""Events class for `on`"""
connected = EventSource(AMQPConnectedEvent)
ready = EventSource(AMQPReadyEvent)
goneaway = EventSource(AMQPGoneAwayEvent)
class AMQPRequires(Object):
"""
AMQPRequires class
"""
on = AMQPServerEvents()
_stored = StoredState()
def __init__(self, charm, relation_name: str, username: str, vhost: str):
super().__init__(charm, relation_name)
self.charm = charm
self.relation_name = relation_name
self.username = username
self.vhost = vhost
self.framework.observe(
self.charm.on[relation_name].relation_joined,
self._on_amqp_relation_joined,
)
self.framework.observe(
self.charm.on[relation_name].relation_changed,
self._on_amqp_relation_changed,
)
self.framework.observe(
self.charm.on[relation_name].relation_departed,
self._on_amqp_relation_changed,
)
self.framework.observe(
self.charm.on[relation_name].relation_broken,
self._on_amqp_relation_broken,
)
def _on_amqp_relation_joined(self, event):
"""AMQP relation joined."""
logging.debug("RabbitMQAMQPRequires on_joined")
self.on.connected.emit()
self.request_access(self.username, self.vhost)
def _on_amqp_relation_changed(self, event):
"""AMQP relation changed."""
logging.debug("RabbitMQAMQPRequires on_changed/departed")
if self.password:
self.on.ready.emit()
def _on_amqp_relation_broken(self, event):
"""AMQP relation broken."""
logging.debug("RabbitMQAMQPRequires on_broken")
self.on.goneaway.emit()
@property
def _amqp_rel(self) -> Relation:
"""The AMQP relation."""
return self.framework.model.get_relation(self.relation_name)
@property
def password(self) -> str:
"""Return the AMQP password from the server side of the relation."""
return self._amqp_rel.data[self._amqp_rel.app].get("password")
@property
def hostname(self) -> str:
"""Return the hostname from the AMQP relation"""
return self._amqp_rel.data[self._amqp_rel.app].get("hostname")
@property
def ssl_port(self) -> str:
"""Return the SSL port from the AMQP relation"""
return self._amqp_rel.data[self._amqp_rel.app].get("ssl_port")
@property
def ssl_ca(self) -> str:
"""Return the SSL port from the AMQP relation"""
return self._amqp_rel.data[self._amqp_rel.app].get("ssl_ca")
@property
def hostnames(self) -> List[str]:
"""Return a list of remote RMQ hosts from the AMQP relation"""
_hosts = []
for unit in self._amqp_rel.units:
_hosts.append(self._amqp_rel.data[unit].get("ingress-address"))
return _hosts
def request_access(self, username: str, vhost: str) -> None:
"""Request access to the AMQP server."""
if self.model.unit.is_leader():
logging.debug("Requesting AMQP user and vhost")
self._amqp_rel.data[self.charm.app]["username"] = username
self._amqp_rel.data[self.charm.app]["vhost"] = vhost
class HasAMQPClientsEvent(EventBase):
"""Has AMQPClients Event."""
pass
class ReadyAMQPClientsEvent(EventBase):
"""AMQPClients Ready Event."""
pass
class AMQPClientEvents(ObjectEvents):
"""Events class for `on`"""
has_amqp_clients = EventSource(HasAMQPClientsEvent)
ready_amqp_clients = EventSource(ReadyAMQPClientsEvent)
class AMQPProvides(Object):
"""
AMQPProvides class
"""
on = AMQPClientEvents()
_stored = StoredState()
def __init__(self, charm, relation_name, callback):
super().__init__(charm, relation_name)
self.charm = charm
self.relation_name = relation_name
self.callback = callback
self.framework.observe(
self.charm.on[relation_name].relation_joined,
self._on_amqp_relation_joined,
)
self.framework.observe(
self.charm.on[relation_name].relation_changed,
self._on_amqp_relation_changed,
)
self.framework.observe(
self.charm.on[relation_name].relation_broken,
self._on_amqp_relation_broken,
)
def _on_amqp_relation_joined(self, event):
"""Handle AMQP joined."""
logging.debug("RabbitMQAMQPProvides on_joined data={}"
.format(event.relation.data))
self.on.has_amqp_clients.emit()
def _on_amqp_relation_changed(self, event):
"""Handle AMQP changed."""
logging.debug("RabbitMQAMQPProvides on_changed data={}"
.format(event.relation.data))
# Validate data on the relation
if self.username(event) and self.vhost(event):
self.on.ready_amqp_clients.emit()
if self.charm.unit.is_leader():
self.callback(event, self.username(event), self.vhost(event))
else:
logging.warning("Received AMQP changed event without the "
"expected keys ('username', 'vhost') in the "
"application data bag. Incompatible charm in "
"other end of relation?")
def _on_amqp_relation_broken(self, event):
"""Handle AMQP broken."""
logging.debug("RabbitMQAMQPProvides on_departed")
# TODO clear data on the relation
def username(self, event):
"""Return the AMQP username from the client side of the relation."""
return event.relation.data[event.relation.app].get("username")
def vhost(self, event):
"""Return the AMQP vhost from the client side of the relation."""
return event.relation.data[event.relation.app].get("vhost")

377
charms/horizon-k8s/lib/charms/traefik_k8s/v0/ingress.py Normal file
View File

@ -0,0 +1,377 @@
# Copyright 2022 Canonical Ltd.
# See LICENSE file for licensing details.
r"""# Interface Library for ingress.
This library wraps relation endpoints using the `ingress` interface
and provides a Python API for both requesting and providing per-application
ingress, with load-balancing occurring across all units.
## Getting Started
To get started using the library, you just need to fetch the library using `charmcraft`.
**Note that you also need to add the `serialized_data_interface` dependency to your
charm's `requirements.txt`.**
```shell
cd some-charm
charmcraft fetch-lib charms.traefik_k8s.v0.ingress
echo -e "serialized_data_interface\n" >> requirements.txt
```
In the `metadata.yaml` of the charm, add the following:
```yaml
requires:
ingress:
interface: ingress
limit: 1
```
Then, to initialise the library:
```python
# ...
from charms.traefik_k8s.v0.ingress import IngressPerAppRequirer
class SomeCharm(CharmBase):
def __init__(self, *args):
# ...
self.ingress = IngressPerAppRequirer(self, port=80)
# The following event is triggered when the ingress URL to be used
# by this deployment of the `SomeCharm` changes or there is no longer
# an ingress URL available, that is, `self.ingress_per_unit` would
# return `None`.
self.framework.observe(
self.ingress.on.ingress_changed, self._handle_ingress
)
# ...
def _handle_ingress(self, event):
logger.info("This app's ingress URL: %s", self.ingress.url)
```
"""
import logging
from typing import Optional
from ops.charm import CharmBase, RelationBrokenEvent, RelationEvent, RelationRole
from ops.framework import EventSource, StoredState
from ops.model import Relation
try:
from serialized_data_interface import EndpointWrapper
from serialized_data_interface.errors import RelationDataError, UnversionedRelation
from serialized_data_interface.events import EndpointWrapperEvents
except ImportError:
import os
library_name = os.path.basename(__file__)
raise ModuleNotFoundError(
"To use the '{}' library, you must include "
"the '{}' package in your dependencies".format(library_name, "serialized_data_interface")
) from None # Suppress original ImportError
# The unique Charmhub library identifier, never change it
LIBID = "e6de2a5cd5b34422a204668f3b8f90d2"
# Increment this major API version when introducing breaking changes
LIBAPI = 0
# Increment this PATCH version before using `charmcraft publish-lib` or reset
# to 0 if you are raising the major API version
LIBPATCH = 5
log = logging.getLogger(__name__)
INGRESS_SCHEMA = {
"v1": {
"requires": {
"app": {
"type": "object",
"properties": {
"model": {"type": "string"},
"name": {"type": "string"},
"host": {"type": "string"},
"port": {"type": "integer"},
},
"required": ["model", "name", "host", "port"],
},
},
"provides": {
"app": {
"type": "object",
"properties": {
"ingress": {
"type": "object",
"properties": {
"url": {"type": "string"},
},
}
},
"required": ["ingress"],
},
},
}
}
class IngressPerAppRequestEvent(RelationEvent):
"""Event representing an incoming request.
This is equivalent to the "ready" event, but is more semantically meaningful.
"""
class IngressPerAppProviderEvents(EndpointWrapperEvents):
"""Container for IUP events."""
request = EventSource(IngressPerAppRequestEvent)
class IngressPerAppProvider(EndpointWrapper):
"""Implementation of the provider of ingress."""
ROLE = RelationRole.provides.name
INTERFACE = "ingress"
SCHEMA = INGRESS_SCHEMA
on = IngressPerAppProviderEvents()
def __init__(self, charm: CharmBase, endpoint: str = None):
"""Constructor for IngressPerAppProvider.
Args:
charm: The charm that is instantiating the instance.
endpoint: The name of the relation endpoint to bind to
(defaults to "ingress").
"""
super().__init__(charm, endpoint)
self.framework.observe(self.on.ready, self._emit_request_event)
def _emit_request_event(self, event):
self.on.request.emit(event.relation)
def get_request(self, relation: Relation):
"""Get the IngressPerAppRequest for the given Relation."""
return IngressPerAppRequest(self, relation)
def is_failed(self, relation: Relation = None):
"""Checks whether the given relation, or any relation if not specified, has an error."""
if relation is None:
return any(self.is_failed(relation) for relation in self.relations)
if super().is_failed(relation):
return True
try:
data = self.unwrap(relation)
except UnversionedRelation:
return False
prev_fields = None
other_app = relation.app
new_fields = {
field: data[other_app][field]
for field in ("model", "port")
if field in data[other_app]
}
if prev_fields is None:
prev_fields = new_fields
if new_fields != prev_fields:
raise RelationDataMismatchError(relation, other_app)
return False
@property
def proxied_endpoints(self):
"""Returns the ingress settings provided to applications by this IngressPerAppProvider.
For example, when this IngressPerAppProvider has provided the
`http://foo.bar/my-model.my-app` URL to the my-app application, the returned dictionary
will be:
```
{
"my-app": {
"url": "http://foo.bar/my-model.my-app"
}
}
```
"""
return {
ingress_relation.app.name: self.unwrap(ingress_relation)[self.charm.app].get(
"ingress", {}
)
for ingress_relation in self.charm.model.relations[self.endpoint]
}
class IngressPerAppRequest:
"""A request for per-application ingress."""
def __init__(self, provider: IngressPerAppProvider, relation: Relation):
"""Construct an IngressRequest."""
self._provider = provider
self._relation = relation
self._data = provider.unwrap(relation)
@property
def model(self):
"""The name of the model the request was made from."""
return self._data[self.app].get("model")
@property
def app(self):
"""The remote application."""
return self._relation.app
@property
def app_name(self):
"""The name of the remote app.
Note: This is not the same as `self.app.name` when using CMR relations,
since `self.app.name` is replaced by a `remote-{UUID}` pattern.
"""
return self._relation.app.name
@property
def host(self):
"""The hostname to be used to route to the application."""
return self._data[self.app].get("host")
@property
def port(self):
"""The port to be used to route to the application."""
return self._data[self.app].get("port")
def respond(self, url: str):
"""Send URL back for the application.
Note: only the leader can send URLs.
"""
ingress = self._data[self._provider.charm.app].setdefault("ingress", {})
ingress["url"] = url
self._provider.wrap(self._relation, self._data)
class RelationDataMismatchError(RelationDataError):
"""Data from different units do not match where they should."""
class IngressPerAppConfigurationChangeEvent(RelationEvent):
"""Event representing a change in the data sent by the ingress."""
class IngressPerAppRequirerEvents(EndpointWrapperEvents):
"""Container for IUP events."""
ingress_changed = EventSource(IngressPerAppConfigurationChangeEvent)
class IngressPerAppRequirer(EndpointWrapper):
"""Implementation of the requirer of the ingress relation."""
on = IngressPerAppRequirerEvents()
_stored = StoredState()
ROLE = RelationRole.requires.name
INTERFACE = "ingress"
SCHEMA = INGRESS_SCHEMA
LIMIT = 1
def __init__(
self,
charm: CharmBase,
endpoint: str = None,
*,
host: str = None,
port: int = None,
):
"""Constructor for IngressRequirer.
The request args can be used to specify the ingress properties when the
instance is created. If any are set, at least `port` is required, and
they will be sent to the ingress provider as soon as it is available.
All request args must be given as keyword args.
Args:
charm: the charm that is instantiating the library.
endpoint: the name of the relation endpoint to bind to (defaults to `ingress`);
relation must be of interface type `ingress` and have "limit: 1")
host: Hostname to be used by the ingress provider to address the requiring
application; if unspecified, the default Kubernetes service name will be used.
Request Args:
port: the port of the service
"""
super().__init__(charm, endpoint)
# Workaround for SDI not marking the EndpointWrapper as not
# ready upon a relation broken event
self.is_relation_broken = False
self._stored.set_default(current_url=None)
if port and charm.unit.is_leader():
self.auto_data = self._complete_request(host or "", port)
self.framework.observe(
self.charm.on[self.endpoint].relation_changed, self._emit_ingress_change_event
)
self.framework.observe(
self.charm.on[self.endpoint].relation_broken, self._emit_ingress_change_event
)
def _emit_ingress_change_event(self, event):
if isinstance(event, RelationBrokenEvent):
self.is_relation_broken = True
# Avoid spurious events, emit only when URL changes
new_url = self.url
if self._stored.current_url != new_url:
self._stored.current_url = new_url
self.on.ingress_changed.emit(self.relation)
def _complete_request(self, host: Optional[str], port: int):
if not host:
# TODO Make host mandatory?
host = "{app_name}.{model_name}.svc.cluster.local".format(
app_name=self.app.name,
model_name=self.model.name,
)
return {
self.app: {
"model": self.model.name,
"name": self.charm.unit.name,
"host": host,
"port": port,
}
}
def request(self, *, host: str = None, port: int):
"""Request ingress to this application.
Args:
host: Hostname to be used by the ingress provider to address the requirer; if
unspecified, the Kubernetes service address is used.
port: the port of the service (required)
"""
self.wrap(self.relation, self._complete_request(host, port))
@property
def relation(self):
"""The established Relation instance, or None."""
return self.relations[0] if self.relations else None
@property
def url(self):
"""The full ingress URL to reach the current unit.
May return None if the URL isn't available yet.
"""
if self.is_relation_broken or not self.is_ready():
return {}
data = self.unwrap(self.relation)
ingress = data[self.relation.app].get("ingress", {})
return ingress.get("url")

42
charms/horizon-k8s/metadata.yaml Normal file
View File

@ -0,0 +1,42 @@
name: sunbeam-openstack-dashboard-ops
summary: OpenStack openstack-dashboard service
maintainer: OpenStack Charmers <openstack-charmers@lists.ubuntu.com>
description: |
OpenStack openstack-dashboard provides an HTTP service for managing, selecting,
and claiming providers of classes of inventory representing available
resources in a cloud.
.
version: 3
bases:
- name: ubuntu
channel: 20.04/stable
tags:
- openstack
containers:
openstack-dashboard:
resource: openstack-dashboard-image
resources:
openstack-dashboard-image:
type: oci-image
description: OCI image for OpenStack openstack-dashboard
requires:
shared-db:
interface: mysql_datastore
limit: 1
ingress:
interface: ingress
limit: 1
cloud-credentials:
interface: keystone-credentials
limit: 1
provides:
openstack-dashboard:
interface: openstack-dashboard
peers:
peers:
interface: openstack-dashboard-peer

9
charms/horizon-k8s/requirements.txt Normal file
View File

@ -0,0 +1,9 @@
ops
jinja2
git+https://opendev.org/openstack/charm-ops-openstack#egg=ops_openstack
#git+https://github.com/openstack-charmers/advanced-sunbeam-openstack#egg=advanced_sunbeam_openstack
git+https://github.com/gnuoy/advanced-sunbeam-openstack@add-cloud-creds#egg=advanced_sunbeam_openstack
lightkube
lightkube-models
serialized_data_interface

124
charms/horizon-k8s/src/charm.py Executable file
View File

@ -0,0 +1,124 @@
#!/usr/bin/env python3
"""OpenstackDashboard Operator Charm.
This charm provide OpenstackDashboard services as part of an OpenStack
deployment
"""
import logging
from typing import List
import ops.framework
from ops.main import main
import advanced_sunbeam_openstack.core as sunbeam_core
import advanced_sunbeam_openstack.charm as sunbeam_charm
import advanced_sunbeam_openstack.container_handlers as sunbeam_chandlers
logger = logging.getLogger(__name__)
class WSGIDashboardPebbleHandler(sunbeam_chandlers.WSGIPebbleHandler):
def init_service(self, context: sunbeam_core.OPSCharmContexts) -> None:
"""Enable and start WSGI service."""
container = self.charm.unit.get_container(self.container_name)
try:
process = container.exec(
['a2dissite', '000-default'],
timeout=5*60)
out, warnings = process.wait_output()
if warnings:
for line in warnings.splitlines():
logger.warning('a2dissite warn: %s', line.strip())
logging.debug(f'Output from a2dissite: \n{out}')
except ops.pebble.ExecError:
logger.exception(
f"Failed to disable default site in apache"
)
super().init_service(context)
class OpenstackDashboardOperatorCharm(sunbeam_charm.OSBaseOperatorAPICharm):
"""Charm the service."""
_state = ops.framework.StoredState()
service_name = "openstack-dashboard"
wsgi_admin_script = (
"/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi")
wsgi_public_script = (
"/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi")
db_sync_cmds = [
[
'python3',
'/usr/share/openstack-dashboard/manage.py',
'migrate',
'--noinput']
]
@property
def default_public_ingress_port(self):
return 80
@property
def apache_vhost(self) -> str:
"""Service default configuration file."""
return f"/etc/apache2/sites-enabled/openstack-dashboard.conf"
@property
def service_conf(self) -> str:
"""Service default configuration file."""
return f"/etc/openstack-dashboard/local_settings.py"
@property
def service_user(self) -> str:
"""Service user file and directory ownership."""
return 'horizon'
@property
def service_group(self) -> str:
"""Service group file and directory ownership."""
return 'horizon'
@property
def service_endpoints(self):
return [
{
'service_name': 'openstack-dashboard',
'type': 'openstack-dashboard',
'description': "OpenStack OpenstackDashboard API",
'internal_url': f'{self.internal_url}',
'public_url': f'{self.public_url}',
'admin_url': f'{self.admin_url}'}]
def get_pebble_handlers(self) -> List[sunbeam_chandlers.PebbleHandler]:
"""Pebble handlers for the service."""
return [
WSGIDashboardPebbleHandler(
self,
self.service_name,
self.service_name,
self.container_configs,
self.template_dir,
self.openstack_release,
self.configure_charm,
f"wsgi-{self.service_name}",
)
]
def configure_charm(self, event: ops.framework.EventBase) -> None:
"""Configure charm services."""
super().configure_charm(event)
if self.bootstrapped():
self.unit.status = ops.model.ActiveStatus(self.ingress.url)
class OpenstackDashboardWallabyOperatorCharm(OpenstackDashboardOperatorCharm):
openstack_release = 'wallaby'
if __name__ == "__main__":
# Note: use_juju_for_storage=True required per
# https://github.com/canonical/operator/issues/506
main(OpenstackDashboardWallabyOperatorCharm, use_juju_for_storage=True)

927
charms/horizon-k8s/src/templates/local_settings.py.j2 Normal file
View File

@ -0,0 +1,927 @@
# -*- coding: utf-8 -*-
import os
from django.utils.translation import ugettext_lazy as _
from horizon.utils import secret_key
from logging.handlers import SysLogHandler
from openstack_dashboard import exceptions
from openstack_dashboard.settings import HORIZON_CONFIG
DEBUG = {{ options.debug }}
TEMPLATE_DEBUG = DEBUG
# WEBROOT is the location relative to Webserver root
# should end with a slash.
#LOGIN_URL = WEBROOT + 'auth/login/'
#LOGOUT_URL = WEBROOT + 'auth/logout/'
#
# LOGIN_REDIRECT_URL can be used as an alternative for
# HORIZON_CONFIG.user_home, if user_home is not set.
# Do not set it to '/home/', as this will cause circular redirect loop
#LOGIN_REDIRECT_URL = WEBROOT
# If horizon is running in production (DEBUG is False), set this
# with the list of host/domain names that the application can serve.
# For more information see:
# https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
#ALLOWED_HOSTS = ['horizon.example.com', ]
# Set SSL proxy settings:
# Pass this header from the proxy after terminating the SSL,
# and don't forget to strip it from the client's request.
# For more information see:
# https://docs.djangoproject.com/en/dev/ref/settings/#secure-proxy-ssl-header
#SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
# If Horizon is being served through SSL, then uncomment the following two
# settings to better secure the cookies from security exploits
#CSRF_COOKIE_SECURE = True
#SESSION_COOKIE_SECURE = True
# XXX Add these when SSL is added
# CSRF_COOKIE_SECURE = True
# SESSION_COOKIE_SECURE = True
# A method to supersede the token timeout with a shorter dashboard session
# timeout in seconds.
SESSION_TIMEOUT = {{ options.session_timeout }}
# The absolute path to the directory where message files are collected.
# The message file must have a .json file extension. When the user logins to
# horizon, the message files collected are processed and displayed to the user.
#MESSAGES_PATH=None
# Overrides for OpenStack API versions. Use this setting to force the
# OpenStack dashboard to use a specific API version for a given service API.
# Versions specified here should be integers or floats, not strings.
# NOTE: The version should be formatted as it appears in the URL for the
# service API. For example, The identity service APIs have inconsistent
# use of the decimal point, so valid options would be 2.0 or 3.
# Minimum compute version to get the instance locked status is 2.9.
#OPENSTACK_API_VERSIONS = {
# "data-processing": 1.1,
# "identity": 3,
# "volume": 2,
# "compute": 2,
#}
# Set this to True if running on a multi-domain model. When this is enabled, it
# will require the user to enter the Domain name in addition to the username
# for login.
#OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False
# Overrides the default domain used when running on single-domain model
# with Keystone V3. All entities will be created in the default domain.
# NOTE: This value must be the ID of the default domain, NOT the name.
# Also, you will most likely have a value in the keystone policy file like this
# "cloud_admin": "rule:admin_required and domain_id:<your domain id>"
# This value must match the domain id specified there.
#OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'default'
# Set this to True to enable panels that provide the ability for users to
# manage Identity Providers (IdPs) and establish a set of rules to map
# federation protocol attributes to Identity API attributes.
# This extension requires v3.0+ of the Identity API.
#OPENSTACK_KEYSTONE_FEDERATION_MANAGEMENT = False
# Set Console type:
# valid options are "AUTO"(default), "VNC", "SPICE", "RDP", "SERIAL" or None
# Set to None explicitly if you want to deactivate the console.
#CONSOLE_TYPE = "AUTO"
# If provided, a "Report Bug" link will be displayed in the site header
# which links to the value of this setting (ideally a URL containing
# information on how to report issues).
#HORIZON_CONFIG["bug_url"] = "http://bug-report.example.com"
# Show backdrop element outside the modal, do not close the modal
# after clicking on backdrop.
#HORIZON_CONFIG["modal_backdrop"] = "static"
# Specify a regular expression to validate user passwords.
#HORIZON_CONFIG["password_validator"] = {
# "regex": '.*',
# "help_text": _("Your password does not meet the requirements."),
#}
# Disable simplified floating IP address management for deployments with
# multiple floating IP pools or complex network requirements.
#HORIZON_CONFIG["simple_ip_management"] = False
# Turn off browser autocompletion for forms including the login form and
# the database creation workflow if so desired.
#HORIZON_CONFIG["password_autocomplete"] = "off"
{% if options.allow_password_autocompletion %}
HORIZON_CONFIG["password_autocomplete"] = "on"
{% endif %}
# Setting this to True will disable the reveal button for password fields,
# including on the login form.
#HORIZON_CONFIG["disable_password_reveal"] = False
{% if options.disable_password_reveal %}
HORIZON_CONFIG["disable_password_reveal"] = True
{% endif %}
LOCAL_PATH = os.path.dirname(os.path.abspath(__file__))
# Set custom secret key:
# You can either set it to a specific value or you can let horizon generate a
# default secret key that is unique on this machine, e.i. regardless of the
# amount of Python WSGI workers (if used behind Apache+mod_wsgi): However,
# there may be situations where you would want to set this explicitly, e.g.
# when multiple dashboard instances are distributed on different machines
# (usually behind a load-balancer). Either you have to make sure that a session
# gets all requests routed to the same dashboard instance or you set the same
# SECRET_KEY for all of them.
SECRET_KEY = "{{ secret }}"
# We recommend you use memcached for development; otherwise after every reload
# of the django development server, you will have to login again. To use
# memcached set CACHES to something like
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': '127.0.0.1:11211',
},
}
{% if shared_db.database_host -%}
SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db'
DATABASES = {
'default': {
# Database configuration here
'ENGINE': 'django.db.backends.mysql',
'NAME': '{{ shared_db.database }}',
'USER': '{{ shared_db.database_user }}',
'PASSWORD': '{{ shared_db.database_password }}',
'HOST': '{{ shared_db.database_host }}',
'default-character-set': 'utf8'
}
}
{% else -%}
# Warning: Please add DB relation for Keystone v3 + HA deployments
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
{% endif -%}
#CACHES = {
# 'default': {
# 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
# }
#}
# Send email to the console by default
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
# Or send them to /dev/null
#EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend'
# Configure these for your outgoing email host
#EMAIL_HOST = 'smtp.my-company.com'
#EMAIL_PORT = 25
#EMAIL_HOST_USER = 'djangomail'
#EMAIL_HOST_PASSWORD = 'top-secret!'
# For multiple regions uncomment this configuration, and add (endpoint, title).
#AVAILABLE_REGIONS = [
# ('http://cluster1.example.com:5000/v2.0', 'cluster1'),
# ('http://cluster2.example.com:5000/v2.0', 'cluster2'),
#]
OPENSTACK_HOST = "{{ cloud_credentials.internal_host }}"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "Member"
OPENSTACK_KEYSTONE_URL = "{{ cloud_credentials.internal_protocol }}://%s:{{ cloud_credentials.internal_port }}/v3" % OPENSTACK_HOST
OPENSTACK_API_VERSIONS = { "identity": 3, }
# OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = {{ multi_domain }}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "{{ cloud_credentials.admin_domain_id }}"
# Enables keystone web single-sign-on if set to True.
#WEBSSO_ENABLED = False
# Determines which authentication choice to show as default.
#WEBSSO_INITIAL_CHOICE = "credentials"
# The list of authentication mechanisms which include keystone
# federation protocols and identity provider/federation protocol
# mapping keys (WEBSSO_IDP_MAPPING). Current supported protocol
# IDs are 'saml2' and 'oidc' which represent SAML 2.0, OpenID
# Connect respectively.
# Do not remove the mandatory credentials mechanism.
# Note: The last two tuples are sample mapping keys to a identity provider
# and federation protocol combination (WEBSSO_IDP_MAPPING).
#WEBSSO_CHOICES = (
# ("credentials", _("Keystone Credentials")),
# ("oidc", _("OpenID Connect")),
# ("saml2", _("Security Assertion Markup Language")),
# ("acme_oidc", "ACME - OpenID Connect"),
# ("acme_saml2", "ACME - SAML2"),
#)
# A dictionary of specific identity provider and federation protocol
# combinations. From the selected authentication mechanism, the value
# will be looked up as keys in the dictionary. If a match is found,
# it will redirect the user to a identity provider and federation protocol
# specific WebSSO endpoint in keystone, otherwise it will use the value
# as the protocol_id when redirecting to the WebSSO by protocol endpoint.
# NOTE: The value is expected to be a tuple formatted as: (<idp_id>, <protocol_id>).
#WEBSSO_IDP_MAPPING = {
# "acme_oidc": ("acme", "oidc"),
# "acme_saml2": ("acme", "saml2"),
#}
# Disable SSL certificate checks (useful for self-signed certificates):
#OPENSTACK_SSL_NO_VERIFY = True
# The CA certificate to use to verify SSL connections
#OPENSTACK_SSL_CACERT = '/path/to/cacert.pem'
# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the
# capabilities of the auth backend for Keystone.
# If Keystone has been configured to use LDAP as the auth backend then set
# can_edit_user to False and name to 'ldap'.
#
# TODO(tres): Remove these once Keystone has an API to identify auth backend.
OPENSTACK_KEYSTONE_BACKEND = {
'name': 'native',
'can_edit_user': True,
'can_edit_group': True,
'can_edit_project': True,
'can_edit_domain': True,
'can_edit_role': True,
}
# Setting this to True, will add a new "Retrieve Password" action on instance,
# allowing Admin session password retrieval/decryption.
#OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False
{% if options.password_retrieve %}
OPENSTACK_ENABLE_PASSWORD_RETRIEVE = True
{% endif %}
# The Launch Instance user experience has been significantly enhanced.
# You can choose whether to enable the new launch instance experience,
# the legacy experience, or both. The legacy experience will be removed
# in a future release, but is available as a temporary backup setting to ensure
# compatibility with existing deployments. Further development will not be
# done on the legacy experience. Please report any problems with the new
# experience via the Launchpad tracking system.
#
# Toggle LAUNCH_INSTANCE_LEGACY_ENABLED and LAUNCH_INSTANCE_NG_ENABLED to
# determine the experience to enable. Set them both to true to enable
# both.
#LAUNCH_INSTANCE_LEGACY_ENABLED = True
#LAUNCH_INSTANCE_NG_ENABLED = False
# A dictionary of settings which can be used to provide the default values for
# properties found in the Launch Instance modal.
#LAUNCH_INSTANCE_DEFAULTS = {
# 'config_drive': False,
# 'enable_scheduler_hints': True,
# 'disable_image': False,
# 'disable_instance_snapshot': False,
# 'disable_volume': False,
# 'disable_volume_snapshot': False,
# 'create_volume': True,
#}
LAUNCH_INSTANCE_DEFAULTS = {
'create_volume': {{ options.default_create_volume }},
'disable_instance_snapshot': {{ options.disable_instance_snapshot }},
'hide_create_volume': {{ options.hide_create_volume }}
}
# The Xen Hypervisor has the ability to set the mount point for volumes
# attached to instances (other Hypervisors currently do not). Setting
# can_set_mount_point to True will add the option to set the mount point
# from the UI.
OPENSTACK_HYPERVISOR_FEATURES = {
'can_set_mount_point': False,
'can_set_password': False,
'requires_keypair': False,
'enable_quotas': True
}
# The OPENSTACK_CINDER_FEATURES settings can be used to enable optional
# services provided by cinder that is not exposed by its extension API.
OPENSTACK_CINDER_FEATURES = {
'enable_backup': {{ options.cinder_backup }},
}
# The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional
# services provided by neutron. Options currently available are load
# balancer service, security groups, quotas, VPN service.
OPENSTACK_NEUTRON_NETWORK = {
'enable_router': True,
'enable_quotas': True,
'enable_ipv6': True,
'enable_distributed_router': {{ options.neutron_network_dvr }},
'enable_ha_router': {{ options.neutron_network_l3ha }},
'enable_fip_topology_check': {{ options.enable_fip_topology_check }},
# Default dns servers you would like to use when a subnet is
# created. This is only a default, users can still choose a different
# list of dns servers when creating a new subnet.
# The entries below are examples only, and are not appropriate for
# real deployments
# 'default_dns_nameservers': ["8.8.8.8", "8.8.4.4", "208.67.222.222"],
# Neutron can be configured with a default Subnet Pool to be used for IPv4
# subnet-allocation. Specify the label you wish to display in the Address
# pool selector on the create subnet step if you want to use this feature.
'default_ipv4_subnet_pool_label': None,
# Neutron can be configured with a default Subnet Pool to be used for IPv6
# subnet-allocation. Specify the label you wish to display in the Address
# pool selector on the create subnet step if you want to use this feature.
# You must set this to enable IPv6 Prefix Delegation in a PD-capable
# environment.
'default_ipv6_subnet_pool_label': None,
# The profile_support option is used to detect if an external router can be
# configured via the dashboard. When using specific plugins the
# profile_support can be turned on if needed.
{% if support_profile -%}
'profile_support': '{{ options.support_profile }}',
{% else -%}
'profile_support': None,
{% endif -%}
#'profile_support': 'cisco',
# Set which provider network types are supported. Only the network types
# in this list will be available to choose from when creating a network.
# Network types include local, flat, vlan, gre, vxlan and geneve.
'supported_provider_types': ['*'],
# You can configure available segmentation ID range per network type
# in your deployment.
# 'segmentation_id_range': {
# 'vlan': [1024, 2048],
# 'vxlan': [4094, 65536],
# },
# You can define additional provider network types here.
# 'extra_provider_types': {
# 'awesome_type': {
# 'display_name': 'Awesome New Type',
# 'require_physical_network': False,
# 'require_segmentation_id': True,
# }
# },
# Set which VNIC types are supported for port binding. Only the VNIC
# types in this list will be available to choose from when creating a
# port.
# VNIC types include 'normal', 'macvtap' and 'direct'.
# Set to empty list or None to disable VNIC type selection.
'supported_vnic_types': ['*'],
}
# The OPENSTACK_HEAT_STACK settings can be used to disable password
# field required while launching the stack.
OPENSTACK_HEAT_STACK = {
'enable_user_pass': True,
}
# The OPENSTACK_IMAGE_BACKEND settings can be used to customize features
# in the OpenStack Dashboard related to the Image service, such as the list
# of supported image formats.
{% if options.image_formats -%}
OPENSTACK_IMAGE_BACKEND = {
'image_formats': [
('', _('Select format')),
{% if 'aki' in image_formats -%}('aki', _('AKI - Amazon Kernel Image')),{% endif %}
{% if 'ami' in image_formats -%}('ami', _('AMI - Amazon Machine Image')),{% endif %}
{% if 'ari' in image_formats -%}('ari', _('ARI - Amazon Ramdisk Image')),{% endif %}
{% if 'docker' in image_formats -%}('docker', _('Docker')),{% endif %}
{% if 'iso' in image_formats -%}('iso', _('ISO - Optical Disk Image')),{% endif %}
{% if 'ova' in image_formats -%}('ova', _('OVA - Open Virtual Appliance')),{% endif %}
{% if 'qcow2' in image_formats -%}('qcow2', _('QCOW2 - QEMU Emulator')),{% endif %}
{% if 'raw' in image_formats -%}('raw', _('Raw')),{% endif %}
{% if 'vdi' in image_formats -%}('vdi', _('VDI - Virtual Disk Image')),{% endif %}
{% if 'vhd' in image_formats -%}('vhd', _('VHD - Virtual Hard Disk')),{% endif %}
{% if 'vmdk' in image_formats -%}('vmdk', _('VMDK - Virtual Machine Disk')),{% endif %}
],
}
{% endif -%}
# The IMAGE_CUSTOM_PROPERTY_TITLES settings is used to customize the titles for
# image custom property attributes that appear on image detail pages.
IMAGE_CUSTOM_PROPERTY_TITLES = {
"architecture": _("Architecture"),
"kernel_id": _("Kernel ID"),
"ramdisk_id": _("Ramdisk ID"),
"image_state": _("Euca2ools state"),
"project_id": _("Project ID"),
"image_type": _("Image Type"),
}
# The IMAGE_RESERVED_CUSTOM_PROPERTIES setting is used to specify which image
# custom properties should not be displayed in the Image Custom Properties
# table.
IMAGE_RESERVED_CUSTOM_PROPERTIES = []
# Set to 'legacy' or 'direct' to allow users to upload images to glance via
# Horizon server. When enabled, a file form field will appear on the create
# image form. If set to 'off', there will be no file form field on the create
# image form. See documentation for deployment considerations.
#HORIZON_IMAGES_UPLOAD_MODE = 'legacy'
# OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints
# in the Keystone service catalog. Use this setting when Horizon is running
# external to the OpenStack environment. The default is 'publicURL'.
#OPENSTACK_ENDPOINT_TYPE = "publicURL"
# SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the
# case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints
# in the Keystone service catalog. Use this setting when Horizon is running
# external to the OpenStack environment. The default is None. This
# value should differ from OPENSTACK_ENDPOINT_TYPE if used.
#SECONDARY_ENDPOINT_TYPE = None
# The number of objects (Swift containers/objects or images) to display
# on a single page before providing a paging element (a "more" link)
# to paginate results.
{% if options.api_result_limit %}
API_RESULT_LIMIT = {{ options.api_result_limit }}
{% endif %}
API_RESULT_PAGE_SIZE = 20
# The size of chunk in bytes for downloading objects from Swift
SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024
# Specify a maximum number of items to display in a dropdown.
DROPDOWN_MAX_ITEMS = {{ options.dropdown_max_items }}
# The timezone of the server. This should correspond with the timezone
# of your entire OpenStack installation, and hopefully be in UTC.
TIME_ZONE = "UTC"
# When launching an instance, the menu of available flavors is
# sorted by RAM usage, ascending. If you would like a different sort order,
# you can provide another flavor attribute as sorting key. Alternatively, you
# can provide a custom callback method to use for sorting. You can also provide
# a flag for reverse sort. For more info, see
# http://docs.python.org/2/library/functions.html#sorted
#CREATE_INSTANCE_FLAVOR_SORT = {
# 'key': 'name',
# # or
# 'key': my_awesome_callback_method,
# 'reverse': False,
#}
{% if options.create_instance_flavor_sort_key %}
CREATE_INSTANCE_FLAVOR_SORT = {
'key': '{{ create_instance_flavor_sort_key }}',
'reverse': {{ options.create_instance_flavor_sort_reverse }},
}
{% endif %}
# Set this to True to display an 'Admin Password' field on the Change Password
# form to verify that it is indeed the admin logged-in who wants to change
# the password.
{% if options.enforce_password_check %}
ENFORCE_PASSWORD_CHECK = True
{% endif %}
# Modules that provide /auth routes that can be used to handle different types
# of user authentication. Add auth plugins that require extra route handling to
# this list.
#AUTHENTICATION_URLS = [
# 'openstack_auth.urls',
#]
# The Horizon Policy Enforcement engine uses these values to load per service
# policy rule files. The content of these files should match the files the
# OpenStack services are using to determine role based access control in the
# target installation.
# Path to directory containing policy.json files
#POLICY_FILES_PATH = os.path.join(ROOT_PATH, "conf")
# Policies are overriden and all policies are here rather than in package conf
# POLICY_FILES_PATH = '/etc/openstack-dashboard/policy.d/'
# These are matched from the defaults + any in the overrides
# Map of local copy of service policy files.
# Please insure that your identity policy file matches the one being used on
# your keystone servers. There is an alternate policy file that may be used
# in the Keystone v3 multi-domain case, policy.v3cloudsample.json.
# This file is not included in the Horizon repository by default but can be
# found at
# http://git.openstack.org/cgit/openstack/keystone/tree/etc/ \
# policy.v3cloudsample.json
# Having matching policy files on the Horizon and Keystone servers is essential
# for normal operation. This holds true for all services and their policy files.
POLICY_FILES = {
'identity': 'keystonev3_policy.json',
'compute': 'nova_policy.json',
'volume': 'cinder_policy.json',
'image': 'glance_policy.json',
'orchestration': 'heat_policy.json',
'network': 'neutron_policy.json',
}
# TODO: (david-lyle) remove when plugins support adding settings.
# Note: Only used when trove-dashboard plugin is configured to be used by
# Horizon.
# Trove user and database extension support. By default support for
# creating users and databases on database instances is turned on.
# To disable these extensions set the permission here to something
# unusable such as ["!"].
#TROVE_ADD_USER_PERMS = []
#TROVE_ADD_DATABASE_PERMS = []
# Change this patch to the appropriate list of tuples containing
# a key, label and static directory containing two files:
# _variables.scss and _styles.scss
#AVAILABLE_THEMES = [
# ('default', 'Default', 'themes/default'),
# ('material', 'Material', 'themes/material'),
#]
LOGGING = {
'version': 1,
# When set to True this will disable all logging except
# for loggers specified in this configuration dictionary. Note that
# if nothing is specified here and disable_existing_loggers is True,
# django.db.backends will still log unless it is disabled explicitly.
'disable_existing_loggers': False,
'formatters': {
'operation': {
# The format of "%(message)s" is defined by
# OPERATION_LOG_OPTIONS['format']
'format': '%(asctime)s %(message)s'
},
},
'handlers': {
'null': {
'level': 'DEBUG',
'class': 'logging.NullHandler',
},
'console': {
# Set the level to "DEBUG" for verbose output logging.
'level': 'INFO',
'class': 'logging.StreamHandler',
},
'operation': {
'level': 'INFO',
'class': 'logging.StreamHandler',
'formatter': 'operation',
},
'syslog': {
'level': 'INFO',
'class': 'logging.handlers.SysLogHandler',
},
},
'loggers': {
# Logging from django.db.backends is VERY verbose, send to null
# by default.
'django.db.backends': {
'handlers': ['null'],
'propagate': False,
},
'requests': {
'handlers': ['null'],
'propagate': False,
},
'horizon': {
'handlers': ['syslog'],
'level': 'DEBUG',
'propagate': False,
},
'openstack_dashboard': {
'handlers': ['syslog'],
'level': 'DEBUG',
'propagate': False,
},
'novaclient': {
'handlers': ['syslog'],
'level': 'DEBUG',
'propagate': False,
},
'cinderclient': {
'handlers': ['syslog'],
'level': 'DEBUG',
'propagate': False,
},
'keystoneclient': {
'handlers': ['syslog'],
'level': 'DEBUG',
'propagate': False,
},
'glanceclient': {
'handlers': ['syslog'],
'level': 'DEBUG',
'propagate': False,
},
'neutronclient': {
'handlers': ['syslog'],
'level': 'DEBUG',
'propagate': False,
},
'heatclient': {
'handlers': ['syslog'],
'level': 'DEBUG',
'propagate': False,
},
'ceilometerclient': {
'handlers': ['syslog'],
'level': 'DEBUG',
'propagate': False,
},
'swiftclient': {
'handlers': ['syslog'],
'level': 'DEBUG',
'propagate': False,
},
'openstack_auth': {
'handlers': ['syslog'],
'level': 'DEBUG',
'propagate': False,
},
'nose.plugins.manager': {
'handlers': ['syslog'],
'level': 'DEBUG',
'propagate': False,
},
'django': {
'handlers': ['syslog'],
'level': 'DEBUG',
'propagate': False,
},
'iso8601': {
'handlers': ['null'],
'propagate': False,
},
'scss': {
'handlers': ['null'],
'propagate': False,
},
},
}
# 'direction' should not be specified for all_tcp/udp/icmp.
# It is specified in the form.
SECURITY_GROUP_RULES = {
'all_tcp': {
'name': _('All TCP'),
'ip_protocol': 'tcp',
'from_port': '1',
'to_port': '65535',
},
'all_udp': {
'name': _('All UDP'),
'ip_protocol': 'udp',
'from_port': '1',
'to_port': '65535',
},
'all_icmp': {
'name': _('All ICMP'),
'ip_protocol': 'icmp',
'from_port': '-1',
'to_port': '-1',
},
'ssh': {
'name': 'SSH',
'ip_protocol': 'tcp',
'from_port': '22',
'to_port': '22',
},
'smtp': {
'name': 'SMTP',
'ip_protocol': 'tcp',
'from_port': '25',
'to_port': '25',
},
'dns': {
'name': 'DNS',
'ip_protocol': 'tcp',
'from_port': '53',
'to_port': '53',
},
'http': {
'name': 'HTTP',
'ip_protocol': 'tcp',
'from_port': '80',
'to_port': '80',
},
'pop3': {
'name': 'POP3',
'ip_protocol': 'tcp',
'from_port': '110',
'to_port': '110',
},
'imap': {
'name': 'IMAP',
'ip_protocol': 'tcp',
'from_port': '143',
'to_port': '143',
},
'ldap': {
'name': 'LDAP',
'ip_protocol': 'tcp',
'from_port': '389',
'to_port': '389',
},
'https': {
'name': 'HTTPS',
'ip_protocol': 'tcp',
'from_port': '443',
'to_port': '443',
},
'smtps': {
'name': 'SMTPS',
'ip_protocol': 'tcp',
'from_port': '465',
'to_port': '465',
},
'imaps': {
'name': 'IMAPS',
'ip_protocol': 'tcp',
'from_port': '993',
'to_port': '993',
},
'pop3s': {
'name': 'POP3S',
'ip_protocol': 'tcp',
'from_port': '995',
'to_port': '995',
},
'ms_sql': {
'name': 'MS SQL',
'ip_protocol': 'tcp',
'from_port': '1433',
'to_port': '1433',
},
'mysql': {
'name': 'MYSQL',
'ip_protocol': 'tcp',
'from_port': '3306',
'to_port': '3306',
},
'rdp': {
'name': 'RDP',
'ip_protocol': 'tcp',
'from_port': '3389',
'to_port': '3389',
},
}
# Deprecation Notice:
#
# The setting FLAVOR_EXTRA_KEYS has been deprecated.
# Please load extra spec metadata into the Glance Metadata Definition Catalog.
#
# The sample quota definitions can be found in:
# <glance_source>/etc/metadefs/compute-quota.json
#
# The metadata definition catalog supports CLI and API:
# $glance --os-image-api-version 2 help md-namespace-import
# $glance-manage db_load_metadefs <directory_with_definition_files>
#
# See Metadata Definitions on: http://docs.openstack.org/developer/glance/
# TODO: (david-lyle) remove when plugins support settings natively
# Note: This is only used when the Sahara plugin is configured and enabled
# for use in Horizon.
# Indicate to the Sahara data processing service whether or not
# automatic floating IP allocation is in effect. If it is not
# in effect, the user will be prompted to choose a floating IP
# pool for use in their cluster. False by default. You would want
# to set this to True if you were running Nova Networking with
# auto_assign_floating_ip = True.
#SAHARA_AUTO_IP_ALLOCATION_ENABLED = False
# The hash algorithm to use for authentication tokens. This must
# match the hash algorithm that the identity server and the
# auth_token middleware are using. Allowed values are the
# algorithms supported by Python's hashlib library.
#OPENSTACK_TOKEN_HASH_ALGORITHM = 'md5'
# AngularJS requires some settings to be made available to
# the client side. Some settings are required by in-tree / built-in horizon
# features. These settings must be added to REST_API_REQUIRED_SETTINGS in the
# form of ['SETTING_1','SETTING_2'], etc.
#
# You may remove settings from this list for security purposes, but do so at
# the risk of breaking a built-in horizon feature. These settings are required
# for horizon to function properly. Only remove them if you know what you
# are doing. These settings may in the future be moved to be defined within
# the enabled panel configuration.
# You should not add settings to this list for out of tree extensions.
# See: https://wiki.openstack.org/wiki/Horizon/RESTAPI
REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
'LAUNCH_INSTANCE_DEFAULTS',
'OPENSTACK_IMAGE_FORMATS']
# Additional settings can be made available to the client side for
# extensibility by specifying them in REST_API_ADDITIONAL_SETTINGS
# !! Please use extreme caution as the settings are transferred via HTTP/S
# and are not encrypted on the browser. This is an experimental API and
# may be deprecated in the future without notice.
#REST_API_ADDITIONAL_SETTINGS = []
###############################################################################
# Ubuntu Settings
###############################################################################
# XXX Review theme handling and update here
WEBROOT = '{{ ingress.ingress_path }}'
STATIC_URL = '{{ ingress.ingress_path }}/static/'
{% if webroot == "/" %}
LOGIN_URL='/auth/login/'
LOGOUT_URL='/auth/logout/'
{% else %}
LOGIN_URL='{{ ingress.ingress_path }}/auth/login/'
LOGOUT_URL='{{ ingress.ingress_path }}/auth/logout/'
{% endif %}
LOGIN_REDIRECT_URL='{{ ingress.ingress_path }}'
# By default, validation of the HTTP Host header is disabled. Production
# installations should have this set accordingly. For more information
# see https://docs.djangoproject.com/en/dev/ref/settings/.
ALLOWED_HOSTS = '*'
# Compress all assets offline as part of packaging installation
#COMPRESS_OFFLINE = True
# DISALLOW_IFRAME_EMBED can be used to prevent Horizon from being embedded
# within an iframe. Legacy browsers are still vulnerable to a Cross-Frame
# Scripting (XFS) vulnerability, so this option allows extra security hardening
# where iframes are not used in deployment. Default setting is True.
# For more information see:
# http://tinyurl.com/anticlickjack
#DISALLOW_IFRAME_EMBED = True
# Help URL can be made available for the client. To provide a help URL, edit the
# following attribute to the URL of your choice.
#HORIZON_CONFIG["help_url"] = "http://openstack.mycompany.org"
# Settings for OperationLogMiddleware
# OPERATION_LOG_ENABLED is flag to use the function to log an operation on
# Horizon.
# mask_targets is arrangement for appointing a target to mask.
# method_targets is arrangement of HTTP method to output log.
# format is the log contents.
#OPERATION_LOG_ENABLED = False
#OPERATION_LOG_OPTIONS = {
# 'mask_fields': ['password'],
# 'target_methods': ['POST'],
# 'format': ("[%(domain_name)s] [%(domain_id)s] [%(project_name)s]"
# " [%(project_id)s] [%(user_name)s] [%(user_id)s] [%(request_scheme)s]"
# " [%(referer_url)s] [%(request_url)s] [%(message)s] [%(method)s]"
# " [%(http_status)s] [%(param)s]"),
#}
# The default date range in the Overview panel meters - either <today> minus N
# days (if the value is integer N), or from the beginning of the current month
# until today (if set to None). This setting should be used to limit the amount
# of data fetched by default when rendering the Overview panel.
#OVERVIEW_DAYS_RANGE = 1
# To allow operators to require admin users provide a search criteria first
# before loading any data into the admin views, set the following attribute to
# True
#ADMIN_FILTER_DATA_FIRST=False
# Dict used to restrict user private subnet cidr range.
# An empty list means that user input will not be restricted
# for a corresponding IP version. By default, there is
# no restriction for IPv4 or IPv6. To restrict
# user private subnet cidr range set ALLOWED_PRIVATE_SUBNET_CIDR
# to something like
#ALLOWED_PRIVATE_SUBNET_CIDR = {
# 'ipv4': ['10.0.0.0/8', '192.168.0.0/16'],
# 'ipv6': ['fc00::/7']
#}
ALLOWED_PRIVATE_SUBNET_CIDR = {'ipv4': [], 'ipv6': []}
# Project and user can have any attributes by keystone v3 mechanism.
# This settings can treat these attributes on Horizon.
# It means, when you show Create/Update modal, attribute below is
# shown and you can specify any value.
# If you'd like to display these extra data in project or user index table,
# Keystone v3 allows you to add extra properties to Project and Users.
# Horizon's customization (http://docs.openstack.org/developer/horizon/topics/customizing.html#horizon-customization-module-overrides)
# allows you to display this extra information in the Create/Update modal and
# the corresponding tables.
#PROJECT_TABLE_EXTRA_INFO = {
# 'phone_num': _('Phone Number'),
#}
#USER_TABLE_EXTRA_INFO = {
# 'phone_num': _('Phone Number'),
#}
{%- if options.site_branding %}
SITE_BRANDING = "{{ options.site_branding }}"
{%- endif %}
{%- if site_branding_link %}
SITE_BRANDING_LINK = "{{ options.site_branding_link }}"
{%- endif %}
{%- if help_url %}
HORIZON_CONFIG["help_url"] = "{{ options.help_url }}"
{%- endif %}

3
charms/horizon-k8s/src/templates/parts/database-connection Normal file
View File

@ -0,0 +1,3 @@
{% if shared_db.database_host -%}
connection = {{ shared_db.database_type }}://{{ shared_db.database_user }}:{{ shared_db.database_password }}@{{ shared_db.database_host }}/{{ shared_db.database }}{% if shared_db.database_ssl_ca %}?ssl_ca={{ shared_db.database_ssl_ca }}{% if shared_db.database_ssl_cert %}&ssl_cert={{ shared_db.database_ssl_cert }}&ssl_key={{ shared_db.database_ssl_key }}{% endif %}{% endif %}
{% endif -%}

10
charms/horizon-k8s/src/templates/parts/identity-data Normal file
View File

@ -0,0 +1,10 @@
{% if identity_service.internal_host -%}
www_authenticate_uri = {{ identity_service.internal_protocol }}://{{ identity_service.internal_host }}:{{ identity_service.internal_port }}
auth_url = {{ identity_service.internal_protocol }}://{{ identity_service.internal_host }}:{{ identity_service.internal_port }}
auth_type = password
project_domain_name = {{ identity_service.service_domain_name }}
user_domain_name = {{ identity_service.service_domain_name }}
project_name = {{ identity_service.service_project_name }}
username = {{ identity_service.service_user_name }}
password = {{ identity_service.service_password }}
{% endif -%}

3
charms/horizon-k8s/src/templates/parts/section-database Normal file
View File

@ -0,0 +1,3 @@
[database]
{% include "parts/database-connection" %}
connection_recycle_time = 200

10
charms/horizon-k8s/src/templates/parts/section-federation Normal file
View File

@ -0,0 +1,10 @@
{% if trusted_dashboards %}
[federation]
{% for dashboard_url in trusted_dashboards -%}
trusted_dashboard = {{ dashboard_url }}
{% endfor -%}
{% endif %}
{% for sp in fid_sps -%}
[{{ sp['protocol-name'] }}]
remote_id_attribute = {{ sp['remote-id-attribute'] }}
{% endfor -%}

2
charms/horizon-k8s/src/templates/parts/section-identity Normal file
View File

@ -0,0 +1,2 @@
[keystone_authtoken]
{% include "parts/identity-data" %}

6
charms/horizon-k8s/src/templates/parts/section-middleware Normal file
View File

@ -0,0 +1,6 @@
{% for section in sections -%}
[{{section}}]
{% for key, value in sections[section].items() -%}
{{ key }} = {{ value }}
{% endfor %}
{%- endfor %}

15
charms/horizon-k8s/src/templates/parts/section-signing Normal file
View File

@ -0,0 +1,15 @@
{% if enable_signing -%}
[signing]
{% if certfile -%}
certfile = {{ certfile }}
{% endif -%}
{% if keyfile -%}
keyfile = {{ keyfile }}
{% endif -%}
{% if ca_certs -%}
ca_certs = {{ ca_certs }}
{% endif -%}
{% if ca_key -%}
ca_key = {{ ca_key }}
{% endif -%}
{% endif -%}

17
charms/horizon-k8s/src/templates/wsgi-openstack-dashboard.conf Normal file
View File

@ -0,0 +1,17 @@
Listen 0.0.0.0:80
WSGIScriptAlias {{ ingress.ingress_path }} /usr/share/openstack-dashboard/openstack_dashboard/wsgi.py process-group=horizon
WSGIDaemonProcess horizon user=horizon group=horizon processes=3 threads=10 display-name=%{GROUP}
WSGIProcessGroup horizon
WSGIApplicationGroup %{GLOBAL}
Alias /static /var/lib/openstack-dashboard/static/
Alias {{ ingress.ingress_path }}/static /var/lib/openstack-dashboard/static/
<Directory /usr/share/openstack-dashboard/openstack_dashboard>
Require all granted
</Directory>
<Directory /var/lib/openstack-dashboard/static>
Require all granted
</Directory>

16
charms/horizon-k8s/test-requirements.txt Normal file
View File

@ -0,0 +1,16 @@
# This file is managed centrally. If you find the need to modify this as a
# one-off, please don't. Intead, consult #openstack-charms and ask about
# requirements management in charms via bot-control. Thank you.
coverage>=3.6
mock>=1.2
flake8>=2.2.4,<=2.4.1
pyflakes==2.1.1
stestr>=2.2.0
requests>=2.18.4
psutil
# oslo.i18n dropped py35 support
oslo.i18n<4.0.0
git+https://github.com/openstack-charmers/zaza.git#egg=zaza
git+https://github.com/openstack-charmers/zaza-openstack-tests.git#egg=zaza.openstack
pytz # workaround for 14.04 pip/tox
pyudev # for ceph-* charm unit tests (not mocked?)

134
charms/horizon-k8s/tox.ini Normal file
View File

@ -0,0 +1,134 @@
# Operator charm (with zaza): tox.ini
[tox]
envlist = pep8,py3
skipsdist = True
# NOTE: Avoid build/test env pollution by not enabling sitepackages.
sitepackages = False
# NOTE: Avoid false positives by not skipping missing interpreters.
skip_missing_interpreters = False
# NOTES:
# * We avoid the new dependency resolver by pinning pip < 20.3, see
# https://github.com/pypa/pip/issues/9187
# * Pinning dependencies requires tox >= 3.2.0, see
# https://tox.readthedocs.io/en/latest/config.html#conf-requires
# * It is also necessary to pin virtualenv as a newer virtualenv would still
# lead to fetching the latest pip in the func* tox targets, see
# https://stackoverflow.com/a/38133283
requires = pip < 20.3
virtualenv < 20.0
# NOTE: https://wiki.canonical.com/engineering/OpenStack/InstallLatestToxOnOsci
minversion = 3.2.0
[testenv]
setenv = VIRTUAL_ENV={envdir}
PYTHONHASHSEED=0
CHARM_DIR={envdir}
install_command =
pip install {opts} {packages}
commands = stestr run --slowest {posargs}
whitelist_externals =
git
add-to-archive.py
bash
charmcraft
passenv = HOME TERM CS_* OS_* TEST_*
deps = -r{toxinidir}/test-requirements.txt
[testenv:py35]
basepython = python3.5
# python3.5 is irrelevant on a focal+ charm.
commands = /bin/true
[testenv:py36]
basepython = python3.6
deps = -r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt
[testenv:py37]
basepython = python3.7
deps = -r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt
[testenv:py38]
basepython = python3.8
deps = -r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt
[testenv:py3]
basepython = python3
deps = -r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt
[testenv:pep8]
basepython = python3
deps = -r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt
commands = flake8 {posargs} src unit_tests tests
[testenv:cover]
# Technique based heavily upon
# https://github.com/openstack/nova/blob/master/tox.ini
basepython = python3
deps = -r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt
setenv =
{[testenv]setenv}
PYTHON=coverage run
commands =
coverage erase
stestr run --slowest {posargs}
coverage combine
coverage html -d cover
coverage xml -o cover/coverage.xml
coverage report
[coverage:run]
branch = True
concurrency = multiprocessing
parallel = True
source =
.
omit =
.tox/*
*/charmhelpers/*
unit_tests/*
[testenv:venv]
basepython = python3
commands = {posargs}
[testenv:build]
basepython = python3
deps = -r{toxinidir}/build-requirements.txt
commands =
charmcraft build
[testenv:func-noop]
basepython = python3
commands =
functest-run-suite --help
[testenv:func]
basepython = python3
commands =
functest-run-suite --keep-model
[testenv:func-smoke]
basepython = python3
commands =
functest-run-suite --keep-model --smoke
[testenv:func-dev]
basepython = python3
commands =
functest-run-suite --keep-model --dev
[testenv:func-target]
basepython = python3
commands =
functest-run-suite --keep-model --bundle {posargs}
[flake8]
# Ignore E902 because the unit_tests directory is missing in the built charm.
ignore = E402,E226,E902

0
charms/horizon-k8s/unit_tests/__init__.py Normal file
View File

85
charms/horizon-k8s/unit_tests/test_dashboard_charm.py Normal file
View File

@ -0,0 +1,85 @@
#!/usr/bin/env python3
# Copyright 2021 Canonical Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import mock
import sys
sys.path.append('lib') # noqa
sys.path.append('src') # noqa
import charm
import advanced_sunbeam_openstack.test_utils as test_utils
class _DashboardWallabyOperatorCharm(
charm.OpenstackDashboardWallabyOperatorCharm):
def __init__(self, framework):
self.seen_events = []
super().__init__(framework)
def _log_event(self, event):
self.seen_events.append(type(event).__name__)
def configure_charm(self, event):
super().configure_charm(event)
self._log_event(event)
@property
def public_ingress_address(self):
return 'dashboard.juju'
class TestDashboardOperatorCharm(test_utils.CharmTestCase):
PATCHES = []
@mock.patch(
'charms.observability_libs.v0.kubernetes_service_patch.'
'KubernetesServicePatch')
def setUp(self, mock_patch):
super().setUp(charm, self.PATCHES)
self.harness = test_utils.get_harness(
_DashboardWallabyOperatorCharm,
container_calls=self.container_calls)
self.addCleanup(self.harness.cleanup)
test_utils.add_complete_ingress_relation(self.harness)
self.harness.begin()
def test_pebble_ready_handler(self):
self.assertEqual(self.harness.charm.seen_events, [])
test_utils.set_all_pebbles_ready(self.harness)
self.assertEqual(self.harness.charm.seen_events, ['PebbleReadyEvent'])
def test_all_relations(self):
self.harness.set_leader()
test_utils.set_all_pebbles_ready(self.harness)
test_utils.add_all_relations(self.harness)
setup_cmds = [
['a2dissite', '000-default'],
['a2ensite', 'wsgi-openstack-dashboard'],
['python3', '/usr/share/openstack-dashboard/manage.py', 'migrate',
'--noinput']]
for cmd in setup_cmds:
self.assertIn(
cmd,
self.container_calls.execute['openstack-dashboard'])
self.check_file(
'openstack-dashboard',
'/etc/apache2/sites-available/wsgi-openstack-dashboard.conf')
self.check_file(
'openstack-dashboard',
'/etc/openstack-dashboard/local_settings.py')