Add OpenCTI Connector Charms

.github/workflows/test.yaml

@@ -8,5 +8,14 @@ jobs:
     uses: canonical/operator-workflows/.github/workflows/test.yaml@main
     secrets: inherit
     with:
-      self-hosted-runner: true
-      self-hosted-runner-label: "edge"
+      self-hosted-runner: false
+  integration-tests:
+    uses: canonical/operator-workflows/.github/workflows/integration_test.yaml@main
+    secrets: inherit
+    with:
+      channel: 1.29-strict/stable
+      charmcraft-channel: latest/edge
+      juju-channel: 3.6/stable
+      microk8s-addons: "dns ingress rbac storage"
+      pre-run-script: tests/integration/prepare.sh
+      self-hosted-runner: false

.gitignore

@@ -9,4 +9,4 @@ __pycache__/
 .vscode
 .mypy_cache
 *.egg-info/
-*/*.rock
+*.rock

.licenserc.yaml

@@ -9,15 +9,29 @@ header:
     - '**'
   paths-ignore:
     - '.github/**'
+    - '**/.gitkeep'
+    - '**/*.cfg'
+    - '**/*.conf'
+    - '**/*.j2'
     - '**/*.json'
     - '**/*.md'
+    - '**/*.rule'
+    - '**/*.tmpl'
     - '**/*.txt'
+    - '.codespellignore'
+    - '.dockerignore'
+    - '.flake8'
     - '.jujuignore'
     - '.gitignore'
     - '.licenserc.yaml'
+    - '.trivyignore'
+    - '.woke.yaml'
+    - '.woke.yml'
     - 'CODEOWNERS'
+    - 'icon.svg'
     - 'LICENSE'
-    - 'trivy.yaml'
     - 'pyproject.toml'
+    - 'trivy.yaml'
     - 'zap_rules.tsv'
+    - 'lib/**'
   comment: on-failure

.trivyignore

@@ -0,0 +1,8 @@
+# cross-spawn (package.json)
+CVE-2024-21538
+# esbuild
+CVE-2024-24790
+CVE-2023-45288
+CVE-2024-34156
+# pebble
+CVE-2024-45338

.woke.yaml

@@ -0,0 +1,5 @@
+ignore_files:
+  - lib/charms/redis_k8s/v0/redis.py
+  - connectors/**
+  - scripts/**
+  - tests/unit/test_connectors.py

charmcraft.yaml

@@ -1,13 +1,100 @@
-# Copyright 2024 Canonical Ltd.
+# Copyright 2025 Canonical Ltd.
 # See LICENSE file for licensing details.
-# This file configures Charmcraft.
-# See https://juju.is/docs/sdk/charmcraft-config for guidance.
+
+name: opencti
+title: OpenCTI Charm
+summary: OpenCTI charm.
+links:
+  documentation: https://github.com/canonical/opencti-operator/blob/main/README.md
+  issues: https://github.com/canonical/opencti-operator/issues
+  source: https://github.com/canonical/opencti-operator
+  contact: https://launchpad.net/~canonical-is-devops
+
+description: |
+  A [Juju](https://juju.is/) [charm](https://juju.is/docs/olm/charmed-operators) 
+  for deploying and managing the [OpenCTI](https://filigran.io/solutions/open-cti/)
+  open-source threat intelligence platform in your systems.
+
+  This charm simplifies the configuration and maintenance of OpenCTI across a 
+  range of environments, organize your cyber threat intelligence to enhance 
+  and disseminate actionable insights.
+
+config:
+  options:
+    admin-user:
+      type: string
+      description: |
+        OpenCTI admin user email and password.  
+        The content of this configuration should be a Juju user secret ID.  
+        The Juju user secret should contain two fields, `email` and `password`, 
+        where `email` is the admin user email, and `password` is the admin user password.  
+        Use the following commands to create a Juju user secret for this configuration:  
+        `juju add-secret opencti-admin-user email=admin@example.com password#file=/path/to/password.txt`  
+        `juju grant-secret opencti-admin-user opencti`
+
+requires:
+  opensearch-client:
+    interface: opensearch_client
+    optional: false
+    limit: 1
+  redis:
+    interface: redis
+    optional: false
+    limit: 1
+  amqp:
+    interface: rabbitmq
+    optional: false
+    limit: 1
+  s3:
+    interface: s3
+    optional: false
+    limit: 1
+  ingress:
+    interface: ingress
+    optional: false
+    limit: 1
+  opencti-connector:
+    interface: opencti_connector
+  logging:
+    interface: loki_push_api
+    optional: true
+
+provides:
+  metrics-endpoint:
+    interface: prometheus_scrape
+    optional: true
+  grafana-dashboard:
+    interface: grafana_dashboard
+    optional: true
+
+peers:
+  opencti-peer:
+    interface: opencti_peer
 
 type: charm
-bases:
-  - build-on:
-    - name: ubuntu
-      channel: "22.04"
-    run-on:
-    - name: ubuntu
-      channel: "22.04"
+base: ubuntu@24.04
+build-base: ubuntu@24.04
+platforms:
+  amd64:
+parts:
+  charm:
+    build-snaps:
+      - rustup
+    override-build: |
+      rustup default stable
+      craftctl default
+    build-packages:
+      - libffi-dev
+      - libssl-dev
+      - pkg-config
+
+containers:
+  opencti:
+    resource: opencti-image
+resources:
+  opencti-image:
+    type: oci-image
+    description: OCI image for the OpenCTI platform/worker.
+
+assumes:
+  - juju >= 3.4

connector-template/charmcraft.yaml.j2

@@ -0,0 +1,46 @@
+# Copyright 2025 Canonical Ltd.
+# See LICENSE file for licensing details.
+
+name: opencti-{{ name }}-connector
+title: OpenCTI {{ display_name_short }} Charm
+summary: OpenCTI {{ display_name }} charm.
+links:
+  documentation: https://discourse.charmhub.io
+  issues: https://github.com/canonical/opencti-operator/issues
+  source: https://github.com/canonical/opencti-operator
+  contact: https://launchpad.net/~canonical-is-devops
+
+description: |
+  A [Juju](https://juju.is/) [charm](https://juju.is/docs/olm/charmed-operators) 
+  for deploying and managing the [OpenCTI Connectors](https://docs.opencti.io/latest/deployment/connectors/)
+  for the OpenCTI charm.
+
+  This charm simplifies the configuration and maintenance of OpenCTI Connectors
+  across a  range of environments, organize your cyber threat intelligence to
+  enhance and disseminate actionable insights.
+
+{{ config | safe }}
+
+provides:
+  opencti-connector:
+    interface: opencti_connector
+    limit: 1
+
+type: charm
+base: ubuntu@24.04
+build-base: ubuntu@24.04
+platforms:
+  amd64:
+parts:
+  charm: {}
+
+containers:
+  opencti-{{ name }}-connector:
+    resource: opencti-{{ name }}-connector-image
+resources:
+  opencti-{{ name }}-connector-image:
+    type: oci-image
+    description: OCI image for the OpenCTI {{ display_name }} connector.
+
+assumes:
+  - juju >= 3.4

connector-template/requirements.txt

@@ -0,0 +1 @@
+ops

connector-template/rock/rockcraft.yaml.j2

@@ -0,0 +1,39 @@
+# Copyright 2025 Canonical Ltd.
+# See LICENSE file for licensing details.
+
+name: opencti-{{ name }}-connector
+base: ubuntu@24.04
+version: &version '{{ version }}'
+summary: OpenCTI {{ display_name }} Connector
+description: >-
+  OpenCTI connectors are the cornerstone of the OpenCTI platform and
+  allow organizations to easily ingest, enrich or export data.
+platforms:
+  amd64:
+
+parts:
+  {{ name }}-connector:
+    source: https://github.com/OpenCTI-Platform/connectors.git
+    source-type: git
+    source-tag: *version
+    source-depth: 1
+    plugin: nil
+    build-packages:
+      - python3-pip
+    stage-packages:
+      - python3-dev
+      - libmagic1
+      - libffi-dev
+    override-build: |
+      craftctl default
+      ls -lah
+      mkdir -p $CRAFT_PART_INSTALL/opt
+      cd {{ constant_to_kebab(connector_type) }}/{{ connector_name }}
+      cp -rp src $CRAFT_PART_INSTALL/opt/{{ install_location }}
+      {{ generate_entrypoint }}
+      cat entrypoint.sh | grep {{ install_location }}
+      mkdir -p $CRAFT_PART_INSTALL/usr/local/lib/python3.12/dist-packages
+      pip install \
+        --target $CRAFT_PART_INSTALL/usr/local/lib/python3.12/dist-packages \
+        -r $(find -name requirements.txt)
+      cp entrypoint.sh $CRAFT_PART_INSTALL/

connector-template/src/charm.py.j2

@@ -0,0 +1,25 @@
+#!/usr/bin/env python3
+
+# Copyright 2025 Canonical Ltd.
+# See LICENSE file for licensing details.
+
+"""OpenCTI {{ display_name }} connector charm the service."""
+
+import pathlib
+
+import ops
+
+from charms.opencti.v0.opencti_connector import OpenctiConnectorCharm
+
+
+class Opencti{{ kebab_to_pascal(name) }}ConnectorCharm(OpenctiConnectorCharm):
+    connector_type = "{{ connector_type }}"
+
+    @property
+    def charm_dir(self) -> pathlib.Path:
+        return pathlib.Path(__file__).parent.parent.absolute()
+
+    {{ charm_override | safe | indent(4) }}
+
+if __name__ == "__main__":
+    ops.main(Opencti{{ kebab_to_pascal(name) }}ConnectorCharm)