Merge branch 'main' into TELCO-723-creating-fiveg-gnb-identity-interface
simskij authored Sep 21, 2023
2 parents db3f54a + 40b2864 commit d8e1de3
Showing 9 changed files with 190 additions and 10 deletions.
13 changes: 7 additions & 6 deletions README.md
Expand Up @@ -88,13 +88,14 @@ To quickly get started, see the [template interface](https://github.com/canonica

### Telco

| Category | Interface | Status |
|------------|:-------------------------------------------------|:-------------------------------------------------------------------:|
| Category | Interface | Status |
|------------|:--------------------------------------------------|:-------------------------------------------------------------------:|
| Charmed 5G | [`fiveg_gnb_identity`](interfaces/fiveg_gnb_identity/v0/README.md) | ![Status: Draft](https://img.shields.io/badge/Status-Draft-orange) |
| | [`fiveg_nrf`](interfaces/fiveg_nrf/v0/README.md) | ![Status: Draft](https://img.shields.io/badge/Status-Draft-orange) |
| | [`fiveg_n2`](interfaces/fiveg_n2/v0/README.md) | ![Status: Draft](https://img.shields.io/badge/Status-Draft-orange) |
| | [`fiveg_n3`](interfaces/fiveg_n3/v0/README.md) | ![Status: Draft](https://img.shields.io/badge/Status-Draft-orange) |
| | [`fiveg_n4`](interfaces/fiveg_n4/v0/README.md) | ![Status: Draft](https://img.shields.io/badge/Status-Draft-orange) |
| | [`fiveg_nrf`](interfaces/fiveg_nrf/v0/README.md) | ![Status: Draft](https://img.shields.io/badge/Status-Draft-orange) |
| | [`fiveg_n2`](interfaces/fiveg_n2/v0/README.md) | ![Status: Draft](https://img.shields.io/badge/Status-Draft-orange) |
| | [`fiveg_n3`](interfaces/fiveg_n3/v0/README.md) | ![Status: Draft](https://img.shields.io/badge/Status-Draft-orange) |
| | [`fiveg_n4`](interfaces/fiveg_n4/v0/README.md) | ![Status: Draft](https://img.shields.io/badge/Status-Draft-orange) |
| | [`sdcore_management`](interfaces/sdcore_management/v0/README.md) | ![Status: Draft](https://img.shields.io/badge/Status-Draft-orange) |

For a more detailed explanation of statuses and how they should be used, see [the legend](https://github.com/canonical/charm-relation-interfaces/blob/main/LEGEND.md).
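Review bot: The new `sdcore_management` row links to `interfaces/sdcore_management/v0/README.md`, but the files this commit adds for that interface sit directly under `interfaces/sdcore_management/` (README.md, charms.yaml, schema.py) with no `v0` directory, so the link will not resolve as the paths stand. The generated schemas show the same mismatch: `docs/json_schemas/interfaces/sdcore_management/` versus `docs/json_schemas/vault_kv/v0/`. Either move the new interface files under `v0/` like the other entries in the table, or point the link at the path that exists.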

43 changes: 43 additions & 0 deletions docs/json_schemas/interfaces/sdcore_management/provider.json
@@ -0,0 +1,43 @@
{
"title": "ProviderSchema",
"description": "The schema for the provider side of the sdcore_management interface.",
"type": "object",
"properties": {
"unit": {
"$ref": "#/definitions/BaseModel"
},
"app": {
"$ref": "#/definitions/SdcoreManagementProviderAppData"
}
},
"required": [
"app"
],
"definitions": {
"BaseModel": {
"title": "BaseModel",
"type": "object",
"properties": {}
},
"SdcoreManagementProviderAppData": {
"title": "SdcoreManagementProviderAppData",
"type": "object",
"properties": {
"management_url": {
"title": "Management Url",
"description": "The endpoint to use to manage SD-Core network.",
"examples": [
"http://1.2.3.4:1234"
],
"minLength": 1,
"maxLength": 2083,
"format": "uri",
"type": "string"
}
},
"required": [
"management_url"
]
}
}
}
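Review bot: `management_url` is the address a requirer uses to manage the SD-Core network, yet the only example is `http://1.2.3.4:1234` and nothing in the property says whether plaintext HTTP is acceptable. The `vault_kv` change in this same commit adds a `ca_certificate` field so the requirer can validate the server; consider whether this interface needs an equivalent, and at least use an `https://` example or state in the `description` which schemes a provider may publish.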
20 changes: 20 additions & 0 deletions docs/json_schemas/interfaces/sdcore_management/requirer.json
@@ -0,0 +1,20 @@
{
"title": "RequirerSchema",
"description": "The schema for the requirer side of the sdcore_management interface.",
"type": "object",
"properties": {
"unit": {
"$ref": "#/definitions/BaseModel"
},
"app": {
"$ref": "#/definitions/BaseModel"
}
},
"definitions": {
"BaseModel": {
"title": "BaseModel",
"type": "object",
"properties": {}
}
}
}
6 changes: 6 additions & 0 deletions docs/json_schemas/vault_kv/v0/provider.json
Expand Up @@ -33,6 +33,11 @@
"description": "The KV mount available for the requirer application, respecting the pattern 'charm-<requirer app>-<user provided suffix>'.",
"type": "string"
},
"ca_certificate": {
"title": "Ca Certificate",
"description": "The CA certificate to use when validating the Vault server's certificate.",
"type": "string"
},
"credentials": {
"title": "Credentials",
"description": "Mapping of unit name and credentials for that unit. Credentials are a juju secret containing a 'role-id' and a 'role-secret-id'.",
Expand All @@ -45,6 +50,7 @@
"required": [
"vault_url",
"mount",
"ca_certificate",
"credentials"
]
}
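Review bot: Adding `ca_certificate` to `required` changes the `v0` provider contract in place: a provider that publishes only `vault_url`, `mount` and `credentials`, which satisfied this schema before the change, now fails validation. If that is intended, call it out in the interface README; otherwise make the field optional in `v0` or introduce it as required in a new version.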
47 changes: 47 additions & 0 deletions interfaces/sdcore_management/README.md
@@ -0,0 +1,47 @@
# `sdcore_management`

## Usage

Within Charmed-5G, the components that makes configuration changes to the network require access to the configuration and management service.

The `sdcore_management` relation interface describes the expected behavior of any charm claiming to provide or consume the information to access the configuration service in SD-Core.

SD-Core Webui Operator that is responsible for the configuration of the SD-Core network within Charmed-5G is a typical provider and SD-Core NMS (Network Management System) Operator that provides a user interface to manage and configure the network is a typical requirer of this relation.

## Direction

```mermaid
flowchart TD
Provider -- management_url --> Requirer
```

As with all Juju relations, the `sdcore_management` interface consists of two parties: a Provider and a Requirer.

## Behavior

Both the Requirer and the Provider need to adhere to criteria to be considered compatible with the interface.

### Provider

- Is expected to provide the address to access the SD-Core configuration service endpoint.

### Requirer

- Is expected to use the endpoint address provided to connect to the configuration service.

## Relation Data

[\[Pydantic Schema\]](./schema.py)

#### Example

```yaml
provider:
app: {
"management_url": "http://1.2.3.4:1234",
}
unit: {}
requirer:
app: {}
unit: {}
```
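Review bot: In the Usage section, "the components that makes configuration changes" should read "make", and the third paragraph packs the provider and the requirer into one unpunctuated sentence. Splitting it in two, one sentence naming SD-Core Webui Operator as the typical provider and one naming SD-Core NMS Operator as the typical requirer, would read more clearly.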
2 changes: 2 additions & 0 deletions interfaces/sdcore_management/charms.yaml
@@ -0,0 +1,2 @@
providers: []
requirers: []
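Review bot: `providers` and `requirers` are both empty, although the interface README added in this commit names SD-Core Webui Operator as the typical provider and SD-Core NMS Operator as the typical requirer. List those charms here, or say in the commit that they will be added in a follow-up, so the interface is not left without any charm declared against it.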
36 changes: 36 additions & 0 deletions interfaces/sdcore_management/schema.py
@@ -0,0 +1,36 @@
"""This file defines the schemas for the provider and requirer sides of the `sdcore_management` relation interface.
It must expose two interfaces.schema_base.DataBagSchema subclasses called:
- ProviderSchema
- RequirerSchema
Examples:
ProviderSchema:
unit: <empty>
app: {
"management_endpoint": "http://1.2.3.4:1234",
}
RequirerSchema:
unit: <empty>
app: <empty>
"""

from interface_tester.schema_base import DataBagSchema
from pydantic import BaseModel, Field, HttpUrl


class SdcoreManagementProviderAppData(BaseModel):
management_url: HttpUrl = Field(
description="The endpoint to use to manage SD-Core network.",
examples=["http://1.2.3.4:1234"],
)


class ProviderSchema(DataBagSchema):
"""The schema for the provider side of the sdcore_management interface."""

app: SdcoreManagementProviderAppData


class RequirerSchema(DataBagSchema):
"""The schema for the requirer side of the sdcore_management interface."""
30 changes: 26 additions & 4 deletions interfaces/vault_kv/v0/README.md
Expand Up @@ -9,7 +9,7 @@ Some charms require a secure key value store. This relation interface describes
```mermaid
flowchart TD
Requirer -- mount_suffix, nonce, egress_subnet --> Provider
Provider -- vault_url, mount, credentials --> Requirer
Provider -- vault_url, ca_certificate, mount, credentials --> Requirer
```

## Behavior
Expand All @@ -20,10 +20,11 @@ Both the Requirer and the Provider need to adhere to criteria to be considered c

Provider expectations

- Is expected to provide the vault url
- Is expected to provide the vault url.
- Is expected to provide a ca certificate used to validate the vault server's certificate.
- Is expected to provide a key value mount, the mount name shall respect the following pattern: `charm-<requirer app>-<requirer provided suffix>`
- Is expected to create an approle restricted to the requiring unit's egress subnet.
- Is expected to create a Juju secret containing a role-id and role-secret-id for each unit
- Is expected to create a Juju secret containing a role-id and role-secret-id for each unit.
- Is expected to provide the Juju secret ID in the relation data, identified by the unit's nonce.
- Is expected to have out of date credentials when requirer unit's identity change, for some unspecified amount of time
until new credentials have been generated. For example, during an upgrade-charm event.
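Review bot: The Provider expectations list is left half-punctuated: trailing periods are added to the vault url and Juju secret items, but the key value mount item and the out of date credentials item still end without one. The new item also writes "ca certificate" in lower case where the schema description uses "CA certificate"; align both while touching these lines.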
Expand All @@ -32,7 +33,7 @@ Provider expectations

Requirer expectations

- Is expected to provide a mount suffix
- Is expected to provide a mount suffix.
- Is expected to provide an egress subnet for each unit requiring access to the vault key value store.
The unit's egress_subnet shall be used to restrict access to the secret backend.
- Is expected to provide a nonce, i.e. a string uniquely identifying the unit.
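Review bot: The Requirer expectations gain only a trailing period here, with no item matching the provider's new `ca_certificate`. Add an expectation that the requirer uses the provided CA certificate to validate the Vault server's certificate when connecting to `vault_url`; otherwise the field is published but nothing in the interface obliges the requirer to use it.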
Expand All @@ -48,6 +49,27 @@ provider:
app:
vault_url: http://10.152.183.104:8200
mount: charm-barbican-secrets # in case of CMR, mount will look like `charm-remote-fd7bc6a8c2d54d748ec3822da5abf0bc-secrets`
ca_certificate: |
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
credentials: |
{
"3081279da89c48a32923473c2c587019": "secret://4f7cc474-a23d-49a2-8b6e-9835c1e08325/cjk5slcrl3uc767oebp0",
3 changes: 3 additions & 0 deletions interfaces/vault_kv/v0/schema.py
Expand Up @@ -20,6 +20,9 @@ class VaultKvProviderSchema(BaseModel):
"respecting the pattern 'charm-<requirer app>-<user provided suffix>'."
)
)
ca_certificate: str = Field(
description="The CA certificate to use when validating the Vault server's certificate."
)
credentials: Json[Mapping[str, str]] = Field(
description=(
"Mapping of unit name and credentials for that unit."