Create the initial version of the OpenCTI charm (#2)

canonical · Jan 13, 2025 · 6720473 · 6720473
1 parent 4127704
commit 6720473
Show file tree

Hide file tree

Showing 34 changed files with 16,021 additions and 287 deletions.
diff --git a/.github/workflows/integration_test.yaml b/.github/workflows/integration_test.yaml
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -8,5 +8,14 @@ jobs:
     uses: canonical/operator-workflows/.github/workflows/test.yaml@main
     secrets: inherit
     with:
-      self-hosted-runner: true
-      self-hosted-runner-label: "edge"
+      self-hosted-runner: false
+  integration-tests:
+    uses: canonical/operator-workflows/.github/workflows/integration_test.yaml@main
+    secrets: inherit
+    with:
+      channel: 1.29-strict/stable
+      charmcraft-channel: latest/edge
+      juju-channel: 3.6/stable
+      microk8s-addons: "dns ingress rbac storage"
+      pre-run-script: tests/integration/prepare.sh
+      self-hosted-runner: false
diff --git a/.licenserc.yaml b/.licenserc.yaml
@@ -9,15 +9,29 @@ header:
     - '**'
   paths-ignore:
     - '.github/**'
+    - '**/.gitkeep'
+    - '**/*.cfg'
+    - '**/*.conf'
+    - '**/*.j2'
     - '**/*.json'
     - '**/*.md'
+    - '**/*.rule'
+    - '**/*.tmpl'
     - '**/*.txt'
+    - '.codespellignore'
+    - '.dockerignore'
+    - '.flake8'
     - '.jujuignore'
     - '.gitignore'
     - '.licenserc.yaml'
+    - '.trivyignore'
+    - '.woke.yaml'
+    - '.woke.yml'
     - 'CODEOWNERS'
+    - 'icon.svg'
     - 'LICENSE'
-    - 'trivy.yaml'
     - 'pyproject.toml'
+    - 'trivy.yaml'
     - 'zap_rules.tsv'
+    - 'lib/**'
   comment: on-failure
diff --git a/.trivyignore b/.trivyignore
@@ -0,0 +1,8 @@
+# cross-spawn (package.json)
+CVE-2024-21538
+# esbuild
+CVE-2024-24790
+CVE-2023-45288
+CVE-2024-34156
+# pebble
+CVE-2024-45338
diff --git a/.woke.yaml b/.woke.yaml
@@ -0,0 +1,2 @@
+ignore_files:
+  - lib/charms/redis_k8s/v0/redis.py
diff --git a/charmcraft.yaml b/charmcraft.yaml
@@ -1,13 +1,98 @@
-# Copyright 2024 Canonical Ltd.
+# Copyright 2025 Canonical Ltd.
 # See LICENSE file for licensing details.
-# This file configures Charmcraft.
-# See https://juju.is/docs/sdk/charmcraft-config for guidance.
+
+name: opencti
+title: OpenCTI Charm
+summary: OpenCTI charm.
+links:
+  documentation: https://github.com/canonical/opencti-operator/blob/main/README.md
+  issues: https://github.com/canonical/opencti-operator/issues
+  source: https://github.com/canonical/opencti-operator
+  contact: https://launchpad.net/~canonical-is-devops
+
+description: |
+  A [Juju](https://juju.is/) [charm](https://juju.is/docs/olm/charmed-operators) 
+  for deploying and managing the [OpenCTI](https://filigran.io/solutions/open-cti/)
+  open-source threat intelligence platform in your systems.
+  
+  This charm simplifies the configuration and maintenance of OpenCTI across a 
+  range of environments, organize your cyber threat intelligence to enhance 
+  and disseminate actionable insights.
+
+config:
+  options:
+    admin-user:
+      type: string
+      description: |
+        OpenCTI admin user email and password.  
+        The content of this configuration should be a Juju user secret ID.  
+        The Juju user secret should contain two fields, `email` and `password`, 
+        where `email` is the admin user email, and `password` is the admin user password.  
+        Use the following commands to create a Juju user secret for this configuration:  
+        `juju add-secret opencti-admin-user [email protected] password#file=/path/to/password.txt`  
+        `juju grant-secret opencti-admin-user opencti`
+
+requires:
+  opensearch-client:
+    interface: opensearch_client
+    optional: false
+    limit: 1
+  redis:
+    interface: redis
+    optional: false
+    limit: 1
+  amqp:
+    interface: rabbitmq
+    optional: false
+    limit: 1
+  s3:
+    interface: s3
+    optional: false
+    limit: 1
+  ingress:
+    interface: ingress
+    optional: false
+    limit: 1
+  logging:
+    interface: loki_push_api
+    optional: true
+
+provides:
+  metrics-endpoint:
+    interface: prometheus_scrape
+    optional: true
+  grafana-dashboard:
+    interface: grafana_dashboard
+    optional: true
+
+peers:
+  opencti-peer:
+    interface: opencti_peer
 
 type: charm
-bases:
-  - build-on:
-    - name: ubuntu
-      channel: "22.04"
-    run-on:
-    - name: ubuntu
-      channel: "22.04"
+base: [email protected]
+build-base: [email protected]
+platforms:
+  amd64:
+parts:
+  charm:
+    build-snaps:
+      - rustup
+    override-build: |
+      rustup default stable
+      craftctl default
+    build-packages:
+      - libffi-dev
+      - libssl-dev
+      - pkg-config
+
+containers:
+  opencti:
+    resource: opencti-image
+resources:
+  opencti-image:
+    type: oci-image
+    description: OCI image for the OpenCTI platform/worker.
+
+assumes:
+  - juju >= 3.4
diff --git a/config.yaml b/config.yaml
diff --git a/generate-src-docs.sh b/generate-src-docs.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-# Copyright 2024 Canonical Ltd.
+# Copyright 2025 Canonical Ltd.
 # See LICENSE file for licensing details.
 
 lazydocs --no-watermark --output-path src-docs src/*
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		ignore_files:
		- lib/charms/redis_k8s/v0/redis.py