canonical · Thanhphan1147 · Mar 27, 2026
@@ -20,7 +20,15 @@
 
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 BASE_DIR = Path(__file__).resolve().parent.parent
-SECRET_KEY = os.environ.get("DJANGO_SECRET_KEY")
+SECRET_KEY = os.environ.get("DJANGO_SECRET_KEY", "")
+if SECRET_KEY == "":
+    # Read the secret key from a file to have it persist between
+    # the manage.py script calls and the gunicorn process
+    # (it needs to be the same for the JWT tokens).
+    secret_path = Path(BASE_DIR, ".secret")
+    if secret_path.exists():
+        with open(secret_path, "r", encoding="utf-8") as secretfile:
+            SECRET_KEY = secretfile.read().strip()
 DEBUG = os.environ.get("DJANGO_DEBUG", "").lower() == "true"
 
 ALLOWED_HOSTS = json.loads(os.getenv("DJANGO_ALLOWED_HOSTS", "[]"))

@@ -8,6 +8,7 @@ dependencies = [
     "django>=6.0.3",
     "djangorestframework>=3.16.1",
     "djangorestframework-simplejwt>=5.5.1",
+    "gunicorn>=23.0.0",
     "psycopg2-binary>=2.9.11",
     "validators>=0.35.0",
     "whitenoise>=6.12.0",

@@ -0,0 +1,52 @@
+#!/bin/sh
+
+# Copyright 2026 Canonical Ltd.
+# See LICENSE file for licensing details.
+
+DJANGO_DEBUG="$(snapctl get debug)"
+export DJANGO_DEBUG
+
+case "$DJANGO_DEBUG" in
+  "true") ;;
+  "false") ;;
+  *)
+    >&2 echo "'$DJANGO_DEBUG is not a supported value for django_debug. Possible values are true, false"
+    return 1
+    ;;
+esac
+
+DJANGO_LOG_LEVEL="$(snapctl get log-level)"
+export DJANGO_LOG_LEVEL
+
+case "$DJANGO_LOG_LEVEL" in
+  "debug") ;;
+  "info") ;;
+  "warning") ;;
+  "error") ;;
+  "critical") ;;
+  "DEBUG") ;;
+  "INFO") ;;
+  "WARNING") ;;
+  "ERROR") ;;
+  "CRITICAL") ;;
+  *)
+    >&2 echo "'$DJANGO_LOG_LEVEL is not a supported value for debug. Possible values are debug, info, warning, error, critical"
+    return 1
+    ;;
+esac
+
+DJANGO_ALLOWED_HOSTS="$(snapctl get allowed-hosts)"
+export DJANGO_ALLOWED_HOSTS
+DJANGO_DATABASE_PASSWORD="$(snapctl get database-password)"
+export DJANGO_DATABASE_PASSWORD
+DJANGO_DATABASE_HOST="$(snapctl get database-host)"
+export DJANGO_DATABASE_HOST
+DJANGO_DATABASE_PORT="$(snapctl get database-port)"
+export DJANGO_DATABASE_PORT
+DJANGO_DATABASE_USER="$(snapctl get database-user)"
+export DJANGO_DATABASE_USER
+DJANGO_DATABASE_NAME="$(snapctl get database-name)"
+export DJANGO_DATABASE_NAME
+
+snapctl stop "$SNAP_INSTANCE_NAME"
+snapctl start "$SNAP_INSTANCE_NAME"
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# Copyright 2026 Canonical Ltd.
+# See LICENSE file for licensing details.
+
+set -xe
+
+# Create some directories
+mkdir -p "$SNAP_DATA/app"
+
+# set default configuration values
+snapctl set debug='false'
+snapctl set log-level='INFO'
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+# Copyright 2026 Canonical Ltd.
+# See LICENSE file for licensing details.
+
+set -xe
+
+DJANGO_DEBUG="$(snapctl get debug)"
+export DJANGO_DEBUG
+DJANGO_ALLOWED_HOSTS="$(snapctl get allowed-hosts)"
+export DJANGO_ALLOWED_HOSTS
+DJANGO_LOG_LEVEL="$(snapctl get log-level)"
+export DJANGO_LOG_LEVEL
+DJANGO_DATABASE_PASSWORD="$(snapctl get database-password)"
+export DJANGO_DATABASE_PASSWORD
+DJANGO_DATABASE_HOST="$(snapctl get database-host)"
+export DJANGO_DATABASE_HOST
+DJANGO_DATABASE_PORT="$(snapctl get database-port)"
+export DJANGO_DATABASE_PORT
+DJANGO_DATABASE_USER="$(snapctl get database-user)"
+export DJANGO_DATABASE_USER
+DJANGO_DATABASE_NAME="$(snapctl get database-name)"
+export DJANGO_DATABASE_NAME
+
+LOG_LEVEL="info"
+if [ "$DJANGO_DEBUG" = "true" ]; then
+  LOG_LEVEL="debug"
+fi
+
+exec gunicorn --chdir "$SNAP_DATA/app" --bind 0.0.0.0:8080 haproxy_route_policy.wsgi \
+  --capture-output --log-level="$LOG_LEVEL"
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+# Copyright 2026 Canonical Ltd.
+# See LICENSE file for licensing details.
+
+set -e
+
+DJANGO_DEBUG="$(snapctl get debug)"
+export DJANGO_DEBUG
+DJANGO_ALLOWED_HOSTS="$(snapctl get allowed-hosts)"
+export DJANGO_ALLOWED_HOSTS
+DJANGO_LOG_LEVEL="$(snapctl get log-level)"
+export DJANGO_LOG_LEVEL
+DJANGO_DATABASE_PASSWORD="$(snapctl get database-password)"
+export DJANGO_DATABASE_PASSWORD
+DJANGO_DATABASE_HOST="$(snapctl get database-host)"
+export DJANGO_DATABASE_HOST
+DJANGO_DATABASE_PORT="$(snapctl get database-port)"
+export DJANGO_DATABASE_PORT
+DJANGO_DATABASE_USER="$(snapctl get database-user)"
+export DJANGO_DATABASE_USER
+DJANGO_DATABASE_NAME="$(snapctl get database-name)"
+export DJANGO_DATABASE_NAME
+
+exec uv run "$SNAP_DATA/app/manage.py" "$@"
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# Copyright 2026 Canonical Ltd.
+# See LICENSE file for licensing details.
+
+# The goal of this script is to prepare the snap environment
+# for the Django application.
+
+set -xe
+
+# ----
+# API (django and gunicorn)
+# The only thing that should be kept between refreshes is the database
+
+# Create the static directory for django
+cp -r "$SNAP/app" "$SNAP_DATA/"
+chmod -R 755 "$SNAP_DATA/app"
+
+# Prepare the django app
+DJANGO_SECRET_KEY="$(python3 -c 'import secrets; print(secrets.token_urlsafe(50))')"
+export DJANGO_SECRET_KEY
+printf "%s" "$DJANGO_SECRET_KEY" > "$SNAP_DATA/app/.secret"
+python3 "$SNAP_DATA/app/manage.py" collectstatic --noinput
+
+# Change ownership of some snap directories to allow snap_daemon to read/write
+# https://snapcraft.io/docs/system-usernames
+chown -R 584788:root "$SNAP_DATA/app"
@@ -0,0 +1,51 @@
+# Copyright 2026 Canonical Ltd.
+# See LICENSE file for licensing details.
+
+name: haproxy-route-policy
+base: core24
+version: "0.1"
+license: Apache-2.0
+summary: HAProxy Route Policy API
+description: |
+  This snap bundles the HAProxy Route Policy Django application to be included in the haproxy-route-policy-operator.
+confinement: strict
+platforms:
+  amd64:
+    build-on: [amd64]
+    build-for: [amd64]
+
+system-usernames:
+  _daemon_: shared
+
+parts:
+  haproxy-route-policy:
+    plugin: uv
+    source: .
+    build-snaps:
+      - astral-uv
+    stage-packages:
+      - gunicorn
+    stage-snaps:
+      - astral-uv
+
+  scripts:
+    plugin: dump
+    source: ./snap/scripts
+    override-prime: |
+      craftctl default
+      chmod -R +rx $CRAFT_PRIME/bin
+
+apps:
+  gunicorn:
+    command: bin/gunicorn-start
+    daemon: simple
+    restart-condition: always
+    plugs:
+      - network
+      - network-bind
+
+  manage:
+    command: bin/manage
+    plugs:
+      - network
+      - network-bind