OpenCTI Charm
- Weii Wang
| Channel | Revision | Published | Runs on |
|---|---|---|---|
| latest/stable | 17 | 21 Mar 2025 | |
| latest/edge | 17 | 20 Mar 2025 |
juju deploy opencti
Deploy Kubernetes operators easily with Juju, the Universal Operator Lifecycle Manager. Need a Kubernetes cluster? Install MicroK8s to create a full CNCF-certified Kubernetes system in under 60 seconds.
Platform:
-
- Last updated
- Revision Library version 0.2
# Copyright 2025 Canonical Ltd.
# See LICENSE file for licensing details.
"""OpenCTI connector charm library."""
# The unique Charmhub library identifier, never change it
LIBID = "312661b5c30e4aeba8767706f3974899"
# Increment this major API version when introducing breaking changes
LIBAPI = 0
# Increment this PATCH version before using `charmcraft publish-lib` or reset
# to 0 if you are raising the major API version
LIBPATCH = 2
import abc
import os
import pathlib
import urllib.parse
import uuid
import ops
import yaml
class NotReady(Exception):
"""The OpenCTI connector is not ready."""
class OpenctiConnectorCharm(ops.CharmBase, abc.ABC):
"""OpenCTI connector base charm."""
@property
@abc.abstractmethod
def connector_type(self) -> str:
"""The OpenCTI connector type.
Can be either "EXTERNAL_IMPORT", "INTERNAL_ENRICHMENT", "INTERNAL_IMPORT_FILE",
"INTERNAL_EXPORT_FILE" or "STREAM".
Returns: the connector type.
"""
pass
@property
@abc.abstractmethod
def charm_dir(self) -> pathlib.Path:
"""Return the charm directory (the one with charmcraft.yaml in it)."""
def __init__(self, *args):
super().__init__(*args)
self.framework.observe(self.on.config_changed, self._reconcile)
self.framework.observe(self.on["opencti-connector"].relation_changed, self._reconcile)
self.framework.observe(self.on.secret_changed, self._reconcile)
self.framework.observe(self.on.upgrade_charm, self._reconcile)
self.framework.observe(self.on[self.meta.name].pebble_ready, self._reconcile)
@property
def boolean_style(self) -> str:
"""Dictate how boolean-typed configurations should translate to environment variable values.
The style should be either "json" for true/false or "python" for True/False.
Returns: "json" or "python"
"""
return "json"
def _config_metadata(self) -> dict:
"""Get charm configuration metadata.
Returns:
The charm configuration metadata.
Raises:
RuntimeError: If charm metadata file doesn't exist.
"""
config_file = self.charm_dir / "config.yaml"
if config_file.exists():
return yaml.safe_load(config_file.read_text())["options"]
config_file = self.charm_dir / "charmcraft.yaml"
if config_file.exists():
return yaml.safe_load(config_file.read_text())["config"]["options"]
raise RuntimeError("charm configuration metadata doesn't exist")
def kebab_to_constant(self, name: str) -> str:
"""Convert kebab case to constant case
Args:
name: Kebab case name.
Returns:
Input in constant case.
"""
return name.replace("-", "_").upper()
def _check_config(self) -> None:
"""Check if required charm configurations are ready.
Raises:
NotReady: If some charm configurations isn't ready.
"""
missing = []
for config, config_meta in self._config_metadata().items():
value = self.config.get(config)
if value is None and config_meta.get("optional") is False:
missing.append(config)
if missing:
raise NotReady("missing configurations: {}".format(", ".join(missing)))
def _check_integration(self) -> None:
"""Check if required charm integrations are ready.
Raises:
NotReady: If some charm integrations isn't ready.
"""
integration = self.model.get_relation("opencti-connector")
if integration is None:
raise NotReady("missing opencti-connector integration")
def _reconcile(self, _) -> None:
"""Reconcile the charm."""
try:
if self.app.planned_units() != 1:
self.unit.status = ops.BlockedStatus(
"connector charm cannot have multiple units, "
"scale down using the `juju scale` command"
)
return
self._check_config()
self._check_integration()
self._reconcile_integration()
self._reconcile_connector()
self.unit.status = ops.ActiveStatus()
except NotReady as exc:
self.unit.status = ops.WaitingStatus(str(exc))
def _reconcile_integration(self) -> None:
"""Reconcile the charm integrations."""
if self.unit.is_leader():
integration = self.model.get_relation("opencti-connector")
data = integration.data[self.app]
data.update(
{
"connector_charm_name": self.meta.name,
"connector_type": self.connector_type,
}
)
if "connector_id" not in data:
data["connector_id"] = str(uuid.uuid4())
def _gen_env(self) -> dict[str, str]:
"""Generate environment variables for the opencti connector service.
Returns:
Environment variables.
"""
integration = self.model.get_relation("opencti-connector")
integration_data = integration.data[integration.app]
opencti_url, opencti_token_id = (
integration_data.get("opencti_url"),
integration_data.get("opencti_token"),
)
if not opencti_url or not opencti_token_id:
raise NotReady("waiting for opencti-connector integration")
opencti_token_secret = self.model.get_secret(id=opencti_token_id)
opencti_token = opencti_token_secret.get_content(refresh=True)["token"]
environment = {
"OPENCTI_URL": opencti_url,
"OPENCTI_TOKEN": opencti_token,
"CONNECTOR_ID": integration.data[self.app]["connector_id"],
"CONNECTOR_NAME": self.app.name,
"CONNECTOR_TYPE": self.connector_type,
}
for config, config_meta in self._config_metadata().items():
value = self.config.get(config)
if value is None:
continue
environment[self.kebab_to_constant(config)] = str(value)
if self.boolean_style == "json" and isinstance(value, bool):
environment[self.kebab_to_constant(config)] = str(value).lower()
environment.update(self._get_proxy_environment(opencti_url))
return environment
def _get_proxy_environment(self, opencti_url: str) -> dict[str, str]:
"""Get proxy environment variables.
Args:
opencti_url: OpenCTI URL.
Returns:
proxy environment variables.
"""
environment = {}
http_proxy = os.environ.get("JUJU_CHARM_HTTP_PROXY")
https_proxy = os.environ.get("JUJU_CHARM_HTTPS_PROXY")
no_proxy = os.environ.get("JUJU_CHARM_NO_PROXY")
if http_proxy:
environment["HTTP_PROXY"] = http_proxy
environment["http_proxy"] = http_proxy
if https_proxy:
environment["HTTPS_PROXY"] = https_proxy
environment["https_proxy"] = https_proxy
no_proxy_list = no_proxy.split(",") if no_proxy else []
if http_proxy or https_proxy:
opencti_host = urllib.parse.urlparse(opencti_url).hostname
no_proxy_list.append(opencti_host)
environment["NO_PROXY"] = ",".join(no_proxy_list)
environment["no_proxy"] = ",".join(no_proxy_list)
return environment
def _reconcile_connector(self) -> None:
"""Reconcile connector service."""
container = self.unit.get_container(self.meta.name)
if not container.can_connect():
raise NotReady("waiting for container ready")
container.add_layer(
"connector",
layer=ops.pebble.LayerDict(
summary=self.meta.name,
description=self.meta.name,
services={
"connector": {
"startup": "enabled",
"on-failure": "restart",
"override": "replace",
"command": "bash /entrypoint.sh",
"environment": self._gen_env(),
},
},
),
combine=True,
)
container.replan()
%27%20fill%3D%27%23E95420%27%3E%3Cpath%20d%3D%27m15.839%205.293-1.447-2.8a.136.136%200%200%200-.051-.055.144.144%200%200%200-.074-.02h-5.8a.143.143%200%200%200-.091.03.13.13%200%200%200-.034.17.138.138%200%200%200%20.072.06l7.251%202.8a.144.144%200%200%200%20.17-.054.13.13%200%200%200%20.007-.13l-.003-.001ZM11.839%204.945.073.223A.073.073%200%200%200%20.026.221a.07.07%200%200%200-.038.027.065.065%200%200%200%20.007.086l7.962%208.182a.069.069%200%200%200%20.049.022.072.072%200%200%200%20.047-.019l3.805-3.461a.066.066%200%200%200%20.02-.061.065.065%200%200%200-.014-.03.07.07%200%200%200-.028-.02l.003-.002ZM5.382%207.183a.071.071%200%200%200-.062-.022.07.07%200%200%200-.03.011.067.067%200%200%200-.023.025l-4.13%207.696a.065.065%200%200%200-.005.046.068.068%200%200%200%20.027.038.072.072%200%200%200%20.09-.006L7.13%209.18a.066.066%200%200%200%200-.087l-1.75-1.91Z%27%2F%3E%3C%2Fg%3E%3Cdefs%3E%3CclipPath%20id%3D%27a%27%3E%3Cpath%20fill%3D%27%23fff%27%20d%3D%27M0%200h15.83v15.21H0z%27%2F%3E%3C%2FclipPath%3E%3C%2Fdefs%3E%3C%2Fsvg%3E)
%27%20fill%3D%27%23E95420%27%3E%3Cpath%20d%3D%27M1.936%202.592c.668%200%201.21-.515%201.21-1.151S2.604.29%201.936.29C1.267.29.726.805.726%201.44c0%20.637.541%201.152%201.21%201.152ZM14.56.576H3.404a1.587%201.587%200%200%201%20.024%201.69l-.026.04h11.156a.56.56%200%200%200%20.386-.15.518.518%200%200%200%20.16-.369v-.692a.502.502%200%200%200-.16-.369.543.543%200%200%200-.386-.15ZM1.936%206.701c.668%200%201.21-.515%201.21-1.15%200-.637-.542-1.152-1.21-1.152-.669%200-1.21.515-1.21%201.151s.541%201.151%201.21%201.151ZM14.56%204.685H3.404a1.612%201.612%200%200%201%20.242%201.083c-.03.215-.105.421-.219.608l-.026.04h11.157a.56.56%200%200%200%20.386-.15.518.518%200%200%200%20.16-.37v-.692a.5.5%200%200%200-.16-.369.542.542%200%200%200-.386-.15ZM1.936%2010.81c.668%200%201.21-.515%201.21-1.15%200-.637-.542-1.152-1.21-1.152-.669%200-1.21.515-1.21%201.151s.541%201.151%201.21%201.151ZM14.56%208.795H3.404a1.611%201.611%200%200%201%20.243%201.082%201.581%201.581%200%200%201-.245.648h11.156a.559.559%200%200%200%20.386-.15.517.517%200%200%200%20.16-.37v-.692a.502.502%200%200%200-.16-.368.543.543%200%200%200-.386-.15ZM1.936%2014.92c.668%200%201.21-.515%201.21-1.15%200-.637-.542-1.152-1.21-1.152-.669%200-1.21.515-1.21%201.151s.541%201.151%201.21%201.151ZM14.56%2012.904H3.404a1.611%201.611%200%200%201%20.242%201.082%201.58%201.58%200%200%201-.219.608l-.026.04h11.157a.562.562%200%200%200%20.386-.15.517.517%200%200%200%20.16-.37v-.692a.5.5%200%200%200-.16-.369.543.543%200%200%200-.386-.15Z%27%2F%3E%3C%2Fg%3E%3Cdefs%3E%3CclipPath%20id%3D%27a%27%3E%3Cpath%20fill%3D%27%23fff%27%20d%3D%27M0%200h15.83v15.21H0z%27%2F%3E%3C%2FclipPath%3E%3C%2Fdefs%3E%3C%2Fsvg%3E)
%27%20fill%3D%27%23E95420%27%3E%3Cpath%20d%3D%27M9.618.272c-.634%200-1.243.243-1.691.674-.448.43-.7%201.015-.701%201.624v4.221a1.9%201.9%200%200%201%201.362%200v-4.22a.955.955%200%200%201%20.291-.72%201.067%201.067%200%200%201%201.479%200%20.955.955%200%200%201%20.29.719v.962h1.363V2.57c0-.61-.253-1.194-.702-1.625A2.445%202.445%200%200%200%209.618.272ZM9.017%208.433c0%20.21-.065.417-.187.593a1.102%201.102%200%200%201-.499.393c-.203.08-.426.102-.642.06a1.125%201.125%200%200%201-.568-.292%201.055%201.055%200%200%201-.304-.547%201.028%201.028%200%200%201%20.064-.616c.084-.195.226-.362.41-.479a1.143%201.143%200%200%201%201.401.133c.103.1.185.217.24.347.057.129.085.268.085.408ZM2.773%205.855c-.634.001-1.242.244-1.69.674C.633%206.96.381%207.545.38%208.154v4.082a1.901%201.901%200%200%201%201.363%200V8.154a.955.955%200%200%201%20.29-.719%201.067%201.067%200%200%201%201.479%200%20.955.955%200%200%201%20.29.719v.962h1.363v-.962c0-.61-.253-1.194-.702-1.625a2.444%202.444%200%200%200-1.69-.674ZM2.166%2013.878c0%20.21-.065.415-.186.59-.121.174-.294.31-.496.39-.202.08-.424.102-.638.06a1.119%201.119%200%200%201-.565-.29%201.049%201.049%200%200%201-.302-.543c-.043-.206-.02-.42.063-.614.084-.194.225-.36.407-.476a1.136%201.136%200%200%201%201.394.133%201.024%201.024%200%200%201%20.323.75Z%27%2F%3E%3Cpath%20d%3D%27M14.752%204.76a1.789%201.789%200%200%201-.681-.126v2.411a.972.972%200%200%201-.312.682c-.193.179-.45.28-.718.28-.268%200-.526-.101-.718-.28a.972.972%200%200%201-.312-.682V4.32h-1.363v2.726c0%20.61.252%201.195.7%201.626a2.443%202.443%200%200%200%201.692.673c.635%200%201.244-.242%201.692-.673.449-.431.7-1.016.7-1.626v-2.41a1.9%201.9%200%200%201-.68.125ZM15.858%202.822c.037.225%200%20.455-.107.658a1.1%201.1%200%200%201-.49.472%201.161%201.161%200%200%201-1.302-.198%201.04%201.04%200%200%201-.206-1.251%201.1%201.1%200%200%201%20.492-.47%201.161%201.161%200%200%201%201.299.199c.166.16.276.366.314.59ZM7.907%2010.2c-.233%200-.465-.042-.681-.126V12.6a.97.97%200%200%201-.302.7%201.05%201.05%200%200%201-.728.29%201.05%201.05%200%200%201-.728-.29.97.97%200%200%201-.302-.7V9.845H3.804V12.6c0%20.61.252%201.194.7%201.625a2.443%202.443%200%200%200%201.692.674c.634%200%201.243-.243%201.692-.674.448-.43.7-1.015.7-1.625v-2.526a1.887%201.887%200%200%201-.68.127Z%27%2F%3E%3C%2Fg%3E%3Cdefs%3E%3CclipPath%20id%3D%27a%27%3E%3Cpath%20fill%3D%27%23fff%27%20d%3D%27M0%200h15.83v15.21H0z%27%2F%3E%3C%2FclipPath%3E%3C%2Fdefs%3E%3C%2Fsvg%3E)