Add support for tls-certificates relation
Add support for the charm to request and receive certificates from the tls-certificates relation. Change-Id: I821ad15aa6af7eaf9d22a00e7d3fb79611d4b6b5 Closes-Bug: 1776643
This commit is contained in:
parent
93b263831c
commit
049993db1b
|
@ -0,0 +1 @@
|
|||
hooks.py
|
|
@ -0,0 +1 @@
|
|||
hooks.py
|
|
@ -0,0 +1 @@
|
|||
hooks.py
|
|
@ -0,0 +1 @@
|
|||
hooks.py
|
|
@ -88,6 +88,11 @@ from utils import (
|
|||
from charmhelpers.contrib.charmsupport import nrpe
|
||||
from charmhelpers.contrib.hardening.harden import harden
|
||||
|
||||
from charmhelpers.contrib.openstack.cert_utils import (
|
||||
get_certificate_request,
|
||||
process_certificates,
|
||||
)
|
||||
|
||||
hooks = Hooks()
|
||||
CONFIGS = register_configs()
|
||||
NSS_DIR = '/var/lib/ceph/nss'
|
||||
|
@ -171,6 +176,10 @@ def config_changed():
|
|||
for r_id in relation_ids('ha'):
|
||||
ha_relation_joined(r_id)
|
||||
|
||||
# Refire certificates relations for VIP changes
|
||||
for r_id in relation_ids('certificates'):
|
||||
certs_joined(r_id)
|
||||
|
||||
CONFIGS.write_all()
|
||||
configure_https()
|
||||
|
||||
|
@ -283,6 +292,9 @@ def cluster_changed():
|
|||
CONFIGS.write_all()
|
||||
for r_id in relation_ids('identity-service'):
|
||||
identity_joined(relid=r_id)
|
||||
for r_id in relation_ids('certificates'):
|
||||
for unit in related_units(r_id):
|
||||
certs_changed(r_id, unit)
|
||||
_cluster_changed()
|
||||
|
||||
|
||||
|
@ -364,6 +376,22 @@ def post_series_upgrade():
|
|||
resume_unit_helper, CONFIGS)
|
||||
|
||||
|
||||
@hooks.hook('certificates-relation-joined')
|
||||
def certs_joined(relation_id=None):
|
||||
relation_set(
|
||||
relation_id=relation_id,
|
||||
relation_settings=get_certificate_request())
|
||||
|
||||
|
||||
@hooks.hook('certificates-relation-changed')
|
||||
def certs_changed(relation_id=None, unit=None):
|
||||
@restart_on_change(restart_map(), stopstart=True)
|
||||
def _certs_changed():
|
||||
process_certificates('ceph-radosgw', relation_id, unit)
|
||||
configure_https()
|
||||
_certs_changed()
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
try:
|
||||
hooks.execute(sys.argv)
|
||||
|
|
|
@ -29,6 +29,8 @@ requires:
|
|||
ha:
|
||||
interface: hacluster
|
||||
scope: container
|
||||
certificates:
|
||||
interface: tls-certificates
|
||||
provides:
|
||||
nrpe-external-master:
|
||||
interface: nrpe-external-master
|
||||
|
|
|
@ -61,6 +61,8 @@ TO_PATCH = [
|
|||
'restart_map',
|
||||
'systemd_based_radosgw',
|
||||
'request_per_unit_key',
|
||||
'get_certificate_request',
|
||||
'process_certificates',
|
||||
]
|
||||
|
||||
|
||||
|
@ -91,13 +93,19 @@ class CephRadosGWTests(CharmTestCase):
|
|||
self.enable_pocket.assert_called_with('multiverse')
|
||||
self.os.makedirs.called_with('/var/lib/ceph/nss')
|
||||
|
||||
@patch.object(ceph_hooks, 'certs_joined')
|
||||
@patch.object(ceph_hooks, 'update_nrpe_config')
|
||||
def test_config_changed(self, update_nrpe_config):
|
||||
def test_config_changed(self, update_nrpe_config, mock_certs_joined):
|
||||
_install_packages = self.patch('install_packages')
|
||||
_relations = {
|
||||
'certificates': ['certificates:1']
|
||||
}
|
||||
self.relation_ids.side_effect = lambda name: _relations.get(name, [])
|
||||
ceph_hooks.config_changed()
|
||||
self.assertTrue(_install_packages.called)
|
||||
self.CONFIGS.write_all.assert_called_with()
|
||||
update_nrpe_config.assert_called_with()
|
||||
mock_certs_joined.assert_called_once_with('certificates:1')
|
||||
|
||||
@patch.object(ceph_hooks, 'is_request_complete',
|
||||
lambda *args, **kwargs: True)
|
||||
|
@ -251,12 +259,22 @@ class CephRadosGWTests(CharmTestCase):
|
|||
'internal-address': '10.0.1.1',
|
||||
'private-address': '10.0.3.1'})])
|
||||
|
||||
def test_cluster_changed(self):
|
||||
@patch.object(ceph_hooks, 'certs_changed')
|
||||
def test_cluster_changed(self, mock_certs_changed):
|
||||
_id_joined = self.patch('identity_joined')
|
||||
self.relation_ids.return_value = ['rid']
|
||||
_relations = {
|
||||
'identity-service': ['rid'],
|
||||
'certificates': ['certificates:1'],
|
||||
}
|
||||
self.relation_ids.side_effect = lambda name: _relations.get(name)
|
||||
self.related_units.return_value = ['vault/0', 'vault/1']
|
||||
ceph_hooks.cluster_changed()
|
||||
self.CONFIGS.write_all.assert_called_with()
|
||||
_id_joined.assert_called_with(relid='rid')
|
||||
mock_certs_changed.assert_has_calls([
|
||||
call('certificates:1', 'vault/0'),
|
||||
call('certificates:1', 'vault/1')
|
||||
])
|
||||
|
||||
def test_ha_relation_joined(self):
|
||||
self.generate_ha_relation_data.return_value = {
|
||||
|
@ -274,3 +292,22 @@ class CephRadosGWTests(CharmTestCase):
|
|||
self.relation_ids.return_value = ['rid']
|
||||
ceph_hooks.ha_relation_changed()
|
||||
_id_joined.assert_called_with(relid='rid')
|
||||
|
||||
def test_certs_joined(self):
|
||||
self.get_certificate_request.return_value = {'foo': 'baa'}
|
||||
ceph_hooks.certs_joined('certificates:1')
|
||||
self.relation_set.assert_called_once_with(
|
||||
relation_id='certificates:1',
|
||||
relation_settings={'foo': 'baa'}
|
||||
)
|
||||
self.get_certificate_request.assert_called_once_with()
|
||||
|
||||
@patch.object(ceph_hooks, 'configure_https')
|
||||
def test_certs_changed(self, mock_configure_https):
|
||||
ceph_hooks.certs_changed('certificates:1', 'vault/0')
|
||||
self.process_certificates.assert_called_once_with(
|
||||
'ceph-radosgw',
|
||||
'certificates:1',
|
||||
'vault/0'
|
||||
)
|
||||
mock_configure_https.assert_called_once_with()
|
||||
|
|
Loading…
Reference in New Issue