Add OpenCTI Connector Charms

.github/workflows/publish_charm.yaml

@@ -1,14 +1,92 @@
 name: Publish to edge
 
 on:
-  workflow_dispatch:
   push:
     branches:
       - main
+  pull_request:
 
 jobs:
-  publish-to-edge:
-    uses: canonical/operator-workflows/.github/workflows/publish_charm.yaml@main
-    secrets: inherit
-    with:
-      channel: latest/edge
+  find-charms:
+    name: Find Charms
+    runs-on: ubuntu-latest
+    outputs:
+      charm-dirs: ${{ steps.charm-dirs.outputs.charm-dirs }}
+    steps:
+      - uses: actions/checkout@v4
+      - id: charm-dirs
+        run: |
+          echo charm-dirs=`find -name charmcraft.yaml | xargs dirname | jq --raw-input --slurp 'split("\n") | map(select(. != ""))'` >> $GITHUB_OUTPUT
+
+  publish-charm:
+    needs: [ find-charms ]
+    strategy:
+      fail-fast: false
+      matrix:
+        charm-dir: ${{ fromJSON(needs.find-charms.outputs.charm-dirs) }}
+    name: Publish Charm (${{ matrix.charm-dir }})
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: change directory
+        run: |
+          TEMP_DIR=$(mktemp -d)
+          cp -rp ./${{ matrix.charm-dir }}/. $TEMP_DIR
+          rm -rf .* * || :
+          cp -rp $TEMP_DIR/. .
+          rm -rf $TEMP_DIR
+      - name: setup lxd
+        uses: canonical/setup-lxd@v0.1.2
+      - name: find rock
+        id: rock-dir
+        run: |
+          echo rock-dir=`dirname *rock/rockcraft.yaml` >> $GITHUB_OUTPUT
+      - name: build rock
+        id: rockcraft
+        run: |
+          sudo snap install --channel latest/stable --classic rockcraft
+          cd ${{ steps.rock-dir.outputs.rock-dir }}
+          rockcraft pack --verbosity trace
+          echo rock=`ls *.rock` >> $GITHUB_OUTPUT
+      - run: |
+          echo rockcraft pack:
+          echo ${{ steps.rockcraft.outputs.rock }}
+      - name: upload rock
+        run: |
+          cd ${{ steps.rock-dir.outputs.rock-dir }}
+          rockcraft.skopeo --insecure-policy copy --dest-tls-verify=false oci-archive:${{ steps.rockcraft.outputs.rock }} docker-daemon:rock:latest
+      - name: build charm
+        id: charmcraft
+        run: |
+          sudo snap install --channel latest/stable --classic charmcraft
+          charmcraft pack --verbosity trace
+          echo charms=`ls *.charm` >> $GITHUB_OUTPUT
+      - run: |
+          echo charmcraft pack:
+          echo ${{ steps.charmcraft.outputs.charms }}
+      - id: charm-name
+        run: |
+          echo charm-name=`yq -r .name charmcraft.yaml` >> $GITHUB_OUTPUT
+      - run: |
+          sudo apt update && sudo apt install python3-yaml -y
+      - name: update upstream-source
+        shell: python
+        run: |
+          import yaml
+
+          charmcraft_yaml = yaml.safe_load(open("charmcraft.yaml"))
+          resources = charmcraft_yaml["resources"]
+          resources[list(resources)[0]]["upstream-source"] = "rock:latest"
+          yaml.dump(charmcraft_yaml, open("charmcraft.yaml", "w"), sort_keys=False)
+      - run: |
+          echo upload charm ${{ steps.charm-name.outputs.charm-name }}
+      - run: |
+          cat charmcraft.yaml
+      - if: github.event_name == 'push'
+        name: publish charm
+        uses: canonical/charming-actions/upload-charm@2.6.3
+        with:
+          credentials: ${{ secrets.CHARMHUB_TOKEN }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          built-charm-path: ${{ steps.charmcraft.outputs.charms }}
+          tag-prefix: ${{ steps.charm-name.outputs.charm-name }}

.github/workflows/test.yaml

@@ -5,11 +5,13 @@ on:
 
 jobs:
   unit-tests:
+    name: Unit Tests
     uses: canonical/operator-workflows/.github/workflows/test.yaml@main
     secrets: inherit
     with:
       self-hosted-runner: false
   integration-tests:
+    name: Integration Tests
     uses: canonical/operator-workflows/.github/workflows/integration_test.yaml@main
     secrets: inherit
     with:
@@ -19,3 +21,14 @@ jobs:
       microk8s-addons: "dns ingress rbac storage"
       pre-run-script: tests/integration/prepare.sh
       self-hosted-runner: false
+  check-connector-sync:
+    name: Check Connectors
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+      - run: pip install tox
+      - run: tox -e generate-connectors
+      - run: git diff --exit-code

.gitignore

@@ -9,4 +9,4 @@ __pycache__/
 .vscode
 .mypy_cache
 *.egg-info/
-*/*.rock
+*.rock

.licenserc.yaml

@@ -34,4 +34,5 @@ header:
     - 'trivy.yaml'
     - 'zap_rules.tsv'
     - 'lib/**'
+    - 'src/opencti.graphql'
   comment: on-failure

.woke.yaml

@@ -1,2 +1,5 @@
 ignore_files:
   - lib/charms/redis_k8s/v0/redis.py
+  - connectors/**
+  - scripts/**
+  - tests/unit/test_connectors.py

charmcraft.yaml

@@ -53,6 +53,8 @@ requires:
     interface: ingress
     optional: false
     limit: 1
+  opencti-connector:
+    interface: opencti_connector
   logging:
     interface: loki_push_api
     optional: true

connector-template/charmcraft.yaml.j2

@@ -0,0 +1,46 @@
+# Copyright 2025 Canonical Ltd.
+# See LICENSE file for licensing details.
+
+name: opencti-{{ name }}-connector
+title: OpenCTI {{ display_name_short }} Charm
+summary: OpenCTI {{ display_name }} connector charm.
+links:
+  documentation: https://discourse.charmhub.io
+  issues: https://github.com/canonical/opencti-operator/issues
+  source: https://github.com/canonical/opencti-operator
+  contact: https://launchpad.net/~canonical-is-devops
+
+description: |
+  A [Juju](https://juju.is/) [charm](https://juju.is/docs/olm/charmed-operators) 
+  for deploying and managing the [OpenCTI Connectors](https://docs.opencti.io/latest/deployment/connectors/)
+  for the OpenCTI charm.
+
+  This charm simplifies the configuration and maintenance of OpenCTI Connectors
+  across a  range of environments, organize your cyber threat intelligence to
+  enhance and disseminate actionable insights.
+
+{{ config | safe }}
+
+provides:
+  opencti-connector:
+    interface: opencti_connector
+    limit: 1
+
+type: charm
+base: ubuntu@24.04
+build-base: ubuntu@24.04
+platforms:
+  amd64:
+parts:
+  charm: {}
+
+containers:
+  opencti-{{ name }}-connector:
+    resource: opencti-{{ name }}-connector-image
+resources:
+  opencti-{{ name }}-connector-image:
+    type: oci-image
+    description: OCI image for the OpenCTI {{ display_name }} connector.
+
+assumes:
+  - juju >= 3.4

connector-template/requirements.txt

@@ -0,0 +1 @@
+ops == 2.17.0

connector-template/rock/rockcraft.yaml.j2

@@ -0,0 +1,41 @@
+# Copyright 2025 Canonical Ltd.
+# See LICENSE file for licensing details.
+
+name: opencti-{{ name }}-connector
+base: ubuntu@24.04
+version: &version '{{ version }}'
+summary: OpenCTI {{ display_name }} Connector
+description: >-
+  OpenCTI connectors are the cornerstone of the OpenCTI platform and
+  allow organizations to easily ingest, enrich or export data.
+platforms:
+  amd64:
+
+parts:
+  {{ name }}-connector:
+    source: https://github.com/OpenCTI-Platform/connectors.git
+    source-type: git
+    source-tag: *version
+    source-depth: 1
+    plugin: nil
+    build-packages:
+      - python3-pip
+    stage-packages:
+      - python3
+      - libmagic1
+      - libffi8
+      - libxslt1.1
+      - libxml2
+      - python-is-python3
+    override-build: |
+      craftctl default
+      mkdir -p $CRAFT_PART_INSTALL/opt
+      cd {{ constant_to_kebab(connector_type) }}/{{ connector_name }}
+      cp -rp src $CRAFT_PART_INSTALL/opt/{{ install_location }}
+      {{ generate_entrypoint }}
+      cat entrypoint.sh | grep {{ install_location }}
+      mkdir -p $CRAFT_PART_INSTALL/usr/local/lib/python3.12/dist-packages
+      pip install \
+        --target $CRAFT_PART_INSTALL/usr/local/lib/python3.12/dist-packages \
+        -r $(find -name requirements.txt)
+      cp entrypoint.sh $CRAFT_PART_INSTALL/

connector-template/src/charm.py.j2

@@ -0,0 +1,25 @@
+#!/usr/bin/env python3
+
+# Copyright 2025 Canonical Ltd.
+# See LICENSE file for licensing details.
+
+"""OpenCTI {{ display_name }} connector charm the service."""
+
+import pathlib
+
+import ops
+
+from charms.opencti.v0.opencti_connector import OpenctiConnectorCharm
+
+
+class Opencti{{ kebab_to_pascal(name) }}ConnectorCharm(OpenctiConnectorCharm):
+    connector_type = "{{ connector_type }}"
+
+    @property
+    def charm_dir(self) -> pathlib.Path:
+        return pathlib.Path(__file__).parent.parent.absolute()
+
+    {{ charm_override | safe | indent(4) }}
+
+if __name__ == "__main__":
+    ops.main(Opencti{{ kebab_to_pascal(name) }}ConnectorCharm)

connectors/abuseipdb_ipblacklist/charmcraft.yaml

@@ -0,0 +1,78 @@
+# Copyright 2025 Canonical Ltd.
+# See LICENSE file for licensing details.
+
+name: opencti-abuseipdb-ipblacklist-connector
+title: OpenCTI abuseipdb ipblacklist Charm
+summary: OpenCTI abuseipdb ipblacklist connector charm.
+links:
+  documentation: https://discourse.charmhub.io
+  issues: https://github.com/canonical/opencti-operator/issues
+  source: https://github.com/canonical/opencti-operator
+  contact: https://launchpad.net/~canonical-is-devops
+
+description: |
+  A [Juju](https://juju.is/) [charm](https://juju.is/docs/olm/charmed-operators) 
+  for deploying and managing the [OpenCTI Connectors](https://docs.opencti.io/latest/deployment/connectors/)
+  for the OpenCTI charm.
+
+  This charm simplifies the configuration and maintenance of OpenCTI Connectors
+  across a  range of environments, organize your cyber threat intelligence to
+  enhance and disseminate actionable insights.
+
+config:
+  options:
+    abuseipdb-api-key:
+      description: Abuse IPDB API KEY
+      optional: false
+      type: string
+    abuseipdb-interval:
+      description: interval between 2 collect itself
+      optional: false
+      type: int
+    abuseipdb-limit:
+      description: limit number of result itself
+      optional: false
+      type: int
+    abuseipdb-score:
+      description: AbuseIPDB Score Limitation
+      optional: false
+      type: int
+    connector-scope:
+      type: string
+      description: connector scope
+      optional: false
+    abuseipdb-url:
+      description: the Abuse IPDB URL
+      type: string
+      optional: false
+      default: https://api.abuseipdb.com/api/v2/blacklist
+    connector-log-level:
+      type: string
+      description: determines the verbosity of the logs. Options are debug, info, warn, or error
+      default: info
+      optional: false
+
+
+provides:
+  opencti-connector:
+    interface: opencti_connector
+    limit: 1
+
+type: charm
+base: ubuntu@24.04
+build-base: ubuntu@24.04
+platforms:
+  amd64:
+parts:
+  charm: {}
+
+containers:
+  opencti-abuseipdb-ipblacklist-connector:
+    resource: opencti-abuseipdb-ipblacklist-connector-image
+resources:
+  opencti-abuseipdb-ipblacklist-connector-image:
+    type: oci-image
+    description: OCI image for the OpenCTI abuseipdb ipblacklist connector.
+
+assumes:
+  - juju >= 3.4