Merge pull request #36 from canonical/IAM-618-COS-integ

feat(COS): COS integration first implementation

Author: BarcoMasile

README.md

@@ -26,7 +26,7 @@ juju run openfga-k8s/leader schema-upgrade --wait 30s
 
 #### New `openfga` interface:
 
-Current charm provides a library for the `openfga` relation intefave. Your
+Current charm provides a library for the `openfga` relation interface. Your
 application should define an interface in `metadata.yaml`:
 
 ```yaml
@@ -73,6 +73,16 @@ juju remove-relation openfga-k8s tls-certificates-operator
 
 Note: The TLS settings shown here are for self-signed-certificates, which are not recommended for production clusters. The TLS Certificates Operator offers a variety of configurations. Read more on the TLS Certificates Operator [here](https://charmhub.io/tls-certificates-operator).
 
+## Observability
+This OpenFGA operator integrates with [Canonical Observability Stack](https://charmhub.io/topics/canonical-observability-stack) (COS) bundle.
+It comes with a Grafana dashboard and Loki and Prometheus alert rules for basic common scenarios.
+To integrate with the COS bundle, after you [deploy it](https://charmhub.io/topics/canonical-observability-stack/tutorials/install-microk8s#heading--deploy-the-cos-lite-bundle), you can run:
+```bash
+juju integrate openfga:grafana-dashboard grafana:grafana-dashboard
+juju integrate openfga:metrics-endpoint prometheus:metrics-endpoint
+juju integrate loki:logging openfga:log-proxy
+```
+
 ## Security
 Security issues in the Charmed OpenFGA k8s Operator can be reported through [LaunchPad](https://wiki.ubuntu.com/DebuggingSecurity#How%20to%20File). Please do not file GitHub issues about security issues.
 

metadata.yaml

@@ -51,8 +51,3 @@ resources:
     type: oci-image
     description: OCI image for OpenFGA
     upstream-source: ghcr.io/canonical/openfga:1.3.9
-  # Temporary workaround until pebble can forward logs to Loki directly.
-  promtail-bin:
-    type: file
-    description: Promtail binary for logging
-    filename: promtail-linux

src/charm.py

@@ -27,7 +27,7 @@
     DatabaseRequires,
 )
 from charms.grafana_k8s.v0.grafana_dashboard import GrafanaDashboardProvider
-from charms.loki_k8s.v0.loki_push_api import LogProxyConsumer
+from charms.loki_k8s.v0.loki_push_api import LogProxyConsumer, PromtailDigestError
 from charms.observability_libs.v1.kubernetes_service_patch import KubernetesServicePatch
 from charms.openfga_k8s.v1.openfga import OpenFGAProvider, OpenFGAStoreRequestEvent
 from charms.prometheus_k8s.v0.prometheus_scrape import MetricsEndpointProvider
@@ -62,6 +62,7 @@
     LOG_FILE,
     LOG_PROXY_RELATION_NAME,
     METRIC_RELATION_NAME,
+    OPENFGA_METRICS_HTTP_PORT,
     OPENFGA_RELATION_NAME,
     OPENFGA_SERVER_GRPC_PORT,
     OPENFGA_SERVER_HTTP_PORT,
@@ -111,14 +112,18 @@ def __init__(self, *args: Any) -> None:
             self,
             log_files=[LOG_FILE],
             relation_name=LOG_PROXY_RELATION_NAME,
-            promtail_resource_name="promtail-bin",
             container_name=WORKLOAD_CONTAINER,
         )
 
         # Prometheus metrics endpoint relation
         self.metrics_endpoint = MetricsEndpointProvider(
             self,
-            jobs=[{"static_configs": [{"targets": [f"*:{OPENFGA_SERVER_HTTP_PORT}"]}]}],
+            jobs=[
+                {
+                    "metrics_path": "/metrics",
+                    "static_configs": [{"targets": [f"*:{OPENFGA_METRICS_HTTP_PORT}"]}],
+                }
+            ],
             refresh_event=self.on.config_changed,
             relation_name=METRIC_RELATION_NAME,
         )
@@ -161,14 +166,20 @@ def __init__(self, *args: Any) -> None:
             self._on_database_changed,
         )
         self.framework.observe(self.on.database_relation_broken, self._on_database_relation_broken)
+        self.framework.observe(
+            self.log_proxy.on.promtail_digest_error, self._on_promtail_digest_error
+        )
 
         port_http = ServicePort(
             OPENFGA_SERVER_HTTP_PORT, name=f"{self.app.name}-http", protocol="TCP"
         )
         port_grpc = ServicePort(
             OPENFGA_SERVER_GRPC_PORT, name=f"{self.app.name}-grpc", protocol="TCP"
         )
-        self.service_patcher = KubernetesServicePatch(self, [port_http, port_grpc])
+        port_metrics = ServicePort(
+            OPENFGA_METRICS_HTTP_PORT, name=f"{self.app.name}-metrics", protocol="TCP"
+        )
+        self.service_patcher = KubernetesServicePatch(self, [port_http, port_grpc, port_metrics])
 
     def _on_openfga_pebble_ready(self, event: PebbleReadyEvent) -> None:
         """Workload pebble ready."""
@@ -212,6 +223,10 @@ def _get_database_relation_info(self) -> Optional[Dict]:
             "database_name": DATABASE_NAME,
         }
 
+    def _on_promtail_digest_error(self, event: PromtailDigestError) -> None:
+        """Log PromtailDigestError error."""
+        logger.error(f'got PromtailDigestError with message: "{event.message}"')
+
     @property
     def _log_level(self) -> str:
         return self.config["log-level"]

src/constants.py

@@ -11,9 +11,10 @@
     "OPENFGA_AUTHN_PRESHARED_KEYS",
 ]
 
-LOG_FILE = "/var/log/openfga-k8s"
+LOG_FILE = "/openfga-k8s.log"
 
 OPENFGA_SERVER_HTTP_PORT = 8080
+OPENFGA_METRICS_HTTP_PORT = 2112
 OPENFGA_SERVER_GRPC_PORT = 8081
 
 PEER_KEY_DB_MIGRATE_VERSION = "db_migrate_version"