From 1dbcebfa1972796fd6c87e4fc9c233b547ac13d9 Mon Sep 17 00:00:00 2001
From: Weii Wang <weii.wang@canonical.com>
Date: Mon, 9 Dec 2024 12:34:07 +0800
Subject: [PATCH] Update config description

---
 charmcraft.yaml          | 9 +++++++--
 src/charm.py             | 7 ++++++-
 tests/unit/test_charm.py | 1 +
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/charmcraft.yaml b/charmcraft.yaml
index abd1bdd..61dbc55 100644
--- a/charmcraft.yaml
+++ b/charmcraft.yaml
@@ -26,8 +26,13 @@ config:
     admin-user:
       type: string
       description: |
-        OpenCTI admin user email and password.
-        The content of this configuration should be a 
+        OpenCTI admin user email and password.  
+        The content of this configuration should be a Juju user secret ID.  
+        The Juju user secret should contain two fields, `email` and `password`, 
+        where `email` is the admin user email, and `password` is the admin user password.  
+        Use the following commands to create a Juju user secret for this configuration:  
+        `juju add-secret opencti-admin-user email=admin@example.com password#file=/path/to/password.txt`  
+        `juju grant-secret opencti-admin-user opencti`
 
 requires:
   opensearch-client:
diff --git a/src/charm.py b/src/charm.py
index fd90dab..33954f3 100755
--- a/src/charm.py
+++ b/src/charm.py
@@ -81,12 +81,16 @@ def __init__(self, *args: typing.Any):
         """
         super().__init__(*args)
         self._container = self.unit.get_container("opencti")
+        if self.app.name == "x-opencti":
+            self.unit.status = ops.BlockedStatus("charm cannot be named 'x-opencti'")
+            return
         self._opensearch = OpenSearchRequires(
             self,
             relation_name="opensearch-client",
             # suppress the OpenSearch charm from creating the index
             # use the name x-opencti so OpenSearch will create an index named 'x-opencti'
-            # which shouldn't interfere with the OpenCTI platform
+            # which shouldn't interfere with the OpenCTI (index prefix is the charm app name)
+            # hope nobody names the charm app 'x-opencti'
             index="x-opencti",
             # the OpenSearch charm can't handle access control for index patterns
             extra_user_roles="admin",
@@ -386,6 +390,7 @@ def _prepare_opensearch_env(self) -> dict[str, str]:
         ]
         env = {
             "ELASTICSEARCH__URL": json.dumps(uris),
+            "ELASTICSEARCH__INDEX_PREFIX": self.app.name,
         }
         if ca := data.get("tls-ca"):
             self._container.make_dir("/opt/opencti/config/", make_parents=True)
diff --git a/tests/unit/test_charm.py b/tests/unit/test_charm.py
index 13ea88d..349379c 100644
--- a/tests/unit/test_charm.py
+++ b/tests/unit/test_charm.py
@@ -37,6 +37,7 @@ def test_pebble_plan():
                     "APP__PORT": "8080",
                     "APP__TELEMETRY__METRICS__ENABLED": "true",
                     "ELASTICSEARCH__PASSWORD": "opensearch-password",
+                    "ELASTICSEARCH__INDEX_PREFIX": "opencti",
                     "ELASTICSEARCH__SSL__CA": "/opt/opencti/config/opensearch.pem",
                     "ELASTICSEARCH__URL": json.dumps(
                         [