charm-helpers sync
Synchronize charm-helpers to get service token related patches. Related-Bug: #1992840 Change-Id: Iba36e4b97f542c4c7727a1851c3e68b049a25f85
This commit is contained in:
Felipe Reyes
parent
fefb6bc2c9
commit
68752c604e
|
|
@ -221,6 +221,13 @@ def https():
|
||||||
return True
|
return True
|
||||||
if config_get('ssl_cert') and config_get('ssl_key'):
|
if config_get('ssl_cert') and config_get('ssl_key'):
|
||||||
return True
|
return True
|
||||||
|
# Local import to avoid ciruclar dependency.
|
||||||
|
import charmhelpers.contrib.openstack.cert_utils as cert_utils
|
||||||
|
if (
|
||||||
|
cert_utils.get_certificate_request() and not
|
||||||
|
cert_utils.get_requests_for_local_unit("certificates")
|
||||||
|
):
|
||||||
|
return False
|
||||||
for r_id in relation_ids('certificates'):
|
for r_id in relation_ids('certificates'):
|
||||||
for unit in relation_list(r_id):
|
for unit in relation_list(r_id):
|
||||||
ca = relation_get('ca', rid=r_id, unit=unit)
|
ca = relation_get('ca', rid=r_id, unit=unit)
|
||||||
|
|
@ -324,7 +331,7 @@ def valid_hacluster_config():
|
||||||
'''
|
'''
|
||||||
vip = config_get('vip')
|
vip = config_get('vip')
|
||||||
dns = config_get('dns-ha')
|
dns = config_get('dns-ha')
|
||||||
if not(bool(vip) ^ bool(dns)):
|
if not (bool(vip) ^ bool(dns)):
|
||||||
msg = ('HA: Either vip or dns-ha must be set but not both in order to '
|
msg = ('HA: Either vip or dns-ha must be set but not both in order to '
|
||||||
'use high availability')
|
'use high availability')
|
||||||
status_set('blocked', msg)
|
status_set('blocked', msg)
|
||||||
|
|
|
||||||
|
|
@ -467,7 +467,7 @@ def ns_query(address):
|
||||||
|
|
||||||
try:
|
try:
|
||||||
answers = dns.resolver.query(address, rtype)
|
answers = dns.resolver.query(address, rtype)
|
||||||
except dns.resolver.NXDOMAIN:
|
except (dns.resolver.NXDOMAIN, dns.resolver.NoNameservers):
|
||||||
return None
|
return None
|
||||||
|
|
||||||
if answers:
|
if answers:
|
||||||
|
|
@ -539,7 +539,7 @@ def port_has_listener(address, port):
|
||||||
"""
|
"""
|
||||||
cmd = ['nc', '-z', address, str(port)]
|
cmd = ['nc', '-z', address, str(port)]
|
||||||
result = subprocess.call(cmd)
|
result = subprocess.call(cmd)
|
||||||
return not(bool(result))
|
return not (bool(result))
|
||||||
|
|
||||||
|
|
||||||
def assert_charm_supports_ipv6():
|
def assert_charm_supports_ipv6():
|
||||||
|
|
|
||||||
|
|
@ -409,6 +409,9 @@ def get_requests_for_local_unit(relation_name=None):
|
||||||
relation_name = relation_name or 'certificates'
|
relation_name = relation_name or 'certificates'
|
||||||
bundles = []
|
bundles = []
|
||||||
for rid in relation_ids(relation_name):
|
for rid in relation_ids(relation_name):
|
||||||
|
sent = relation_get(rid=rid, unit=local_unit())
|
||||||
|
legacy_keys = ['certificate_name', 'common_name']
|
||||||
|
is_legacy_request = set(sent).intersection(legacy_keys)
|
||||||
for unit in related_units(rid):
|
for unit in related_units(rid):
|
||||||
data = relation_get(rid=rid, unit=unit)
|
data = relation_get(rid=rid, unit=unit)
|
||||||
if data.get(raw_certs_key):
|
if data.get(raw_certs_key):
|
||||||
|
|
@ -416,6 +419,14 @@ def get_requests_for_local_unit(relation_name=None):
|
||||||
'ca': data['ca'],
|
'ca': data['ca'],
|
||||||
'chain': data.get('chain'),
|
'chain': data.get('chain'),
|
||||||
'certs': json.loads(data[raw_certs_key])})
|
'certs': json.loads(data[raw_certs_key])})
|
||||||
|
elif is_legacy_request:
|
||||||
|
bundles.append({
|
||||||
|
'ca': data['ca'],
|
||||||
|
'chain': data.get('chain'),
|
||||||
|
'certs': {sent['common_name']:
|
||||||
|
{'cert': data.get(local_name + '.server.cert'),
|
||||||
|
'key': data.get(local_name + '.server.key')}}})
|
||||||
|
|
||||||
return bundles
|
return bundles
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -450,6 +450,7 @@ class IdentityServiceContext(OSContextGenerator):
|
||||||
int_host = format_ipv6_addr(int_host) or int_host
|
int_host = format_ipv6_addr(int_host) or int_host
|
||||||
svc_protocol = rdata.get('service_protocol') or 'http'
|
svc_protocol = rdata.get('service_protocol') or 'http'
|
||||||
auth_protocol = rdata.get('auth_protocol') or 'http'
|
auth_protocol = rdata.get('auth_protocol') or 'http'
|
||||||
|
admin_role = rdata.get('admin_role') or 'Admin'
|
||||||
int_protocol = rdata.get('internal_protocol') or 'http'
|
int_protocol = rdata.get('internal_protocol') or 'http'
|
||||||
api_version = rdata.get('api_version') or '2.0'
|
api_version = rdata.get('api_version') or '2.0'
|
||||||
ctxt.update({'service_port': rdata.get('service_port'),
|
ctxt.update({'service_port': rdata.get('service_port'),
|
||||||
|
|
@ -461,6 +462,7 @@ class IdentityServiceContext(OSContextGenerator):
|
||||||
'admin_tenant_name': rdata.get('service_tenant'),
|
'admin_tenant_name': rdata.get('service_tenant'),
|
||||||
'admin_user': rdata.get('service_username'),
|
'admin_user': rdata.get('service_username'),
|
||||||
'admin_password': rdata.get('service_password'),
|
'admin_password': rdata.get('service_password'),
|
||||||
|
'admin_role': admin_role,
|
||||||
'service_protocol': svc_protocol,
|
'service_protocol': svc_protocol,
|
||||||
'auth_protocol': auth_protocol,
|
'auth_protocol': auth_protocol,
|
||||||
'internal_protocol': int_protocol,
|
'internal_protocol': int_protocol,
|
||||||
|
|
|
||||||
|
|
@ -310,7 +310,7 @@ def ssh_known_hosts_lines(application_name, user=None):
|
||||||
for hosts_line in hosts:
|
for hosts_line in hosts:
|
||||||
if hosts_line.rstrip():
|
if hosts_line.rstrip():
|
||||||
known_hosts_list.append(hosts_line.rstrip())
|
known_hosts_list.append(hosts_line.rstrip())
|
||||||
return(known_hosts_list)
|
return known_hosts_list
|
||||||
|
|
||||||
|
|
||||||
def ssh_authorized_keys_lines(application_name, user=None):
|
def ssh_authorized_keys_lines(application_name, user=None):
|
||||||
|
|
@ -327,7 +327,7 @@ def ssh_authorized_keys_lines(application_name, user=None):
|
||||||
for authkey_line in keys:
|
for authkey_line in keys:
|
||||||
if authkey_line.rstrip():
|
if authkey_line.rstrip():
|
||||||
authorized_keys_list.append(authkey_line.rstrip())
|
authorized_keys_list.append(authkey_line.rstrip())
|
||||||
return(authorized_keys_list)
|
return authorized_keys_list
|
||||||
|
|
||||||
|
|
||||||
def ssh_compute_remove(public_key, application_name, user=None):
|
def ssh_compute_remove(public_key, application_name, user=None):
|
||||||
|
|
|
||||||
|
|
@ -12,4 +12,6 @@ signing_dir = {{ signing_dir }}
|
||||||
{% if service_type -%}
|
{% if service_type -%}
|
||||||
service_type = {{ service_type }}
|
service_type = {{ service_type }}
|
||||||
{% endif -%}
|
{% endif -%}
|
||||||
|
service_token_roles = {{ admin_role }}
|
||||||
|
service_token_roles_required = True
|
||||||
{% endif -%}
|
{% endif -%}
|
||||||
|
|
|
||||||
|
|
@ -22,4 +22,6 @@ signing_dir = {{ signing_dir }}
|
||||||
{% if use_memcache == true %}
|
{% if use_memcache == true %}
|
||||||
memcached_servers = {{ memcache_url }}
|
memcached_servers = {{ memcache_url }}
|
||||||
{% endif -%}
|
{% endif -%}
|
||||||
|
service_token_roles = {{ admin_role }}
|
||||||
|
service_token_roles_required = True
|
||||||
{% endif -%}
|
{% endif -%}
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,11 @@
|
||||||
|
{% if auth_host -%}
|
||||||
|
[service_user]
|
||||||
|
send_service_user_token = true
|
||||||
|
auth_type = password
|
||||||
|
auth_url = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}
|
||||||
|
project_domain_id = default
|
||||||
|
user_domain_id = default
|
||||||
|
project_name = {{ admin_tenant_name }}
|
||||||
|
username = {{ admin_user }}
|
||||||
|
password = {{ admin_password }}
|
||||||
|
{% endif -%}
|
||||||
|
|
@ -1323,7 +1323,7 @@ def _check_listening_on_services_ports(services, test=False):
|
||||||
@param test: default=False, if False, test for closed, otherwise open.
|
@param test: default=False, if False, test for closed, otherwise open.
|
||||||
@returns OrderedDict(service: [port-not-open, ...]...), [boolean]
|
@returns OrderedDict(service: [port-not-open, ...]...), [boolean]
|
||||||
"""
|
"""
|
||||||
test = not(not(test)) # ensure test is True or False
|
test = not (not (test)) # ensure test is True or False
|
||||||
all_ports = list(itertools.chain(*services.values()))
|
all_ports = list(itertools.chain(*services.values()))
|
||||||
ports_states = [port_has_listener('0.0.0.0', p) for p in all_ports]
|
ports_states = [port_has_listener('0.0.0.0', p) for p in all_ports]
|
||||||
map_ports = OrderedDict()
|
map_ports = OrderedDict()
|
||||||
|
|
@ -1579,7 +1579,7 @@ def is_unit_paused_set():
|
||||||
with unitdata.HookData()() as t:
|
with unitdata.HookData()() as t:
|
||||||
kv = t[0]
|
kv = t[0]
|
||||||
# transform something truth-y into a Boolean.
|
# transform something truth-y into a Boolean.
|
||||||
return not(not(kv.get('unit-paused')))
|
return not (not (kv.get('unit-paused')))
|
||||||
except Exception:
|
except Exception:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
|
@ -2177,7 +2177,7 @@ def is_unit_upgrading_set():
|
||||||
with unitdata.HookData()() as t:
|
with unitdata.HookData()() as t:
|
||||||
kv = t[0]
|
kv = t[0]
|
||||||
# transform something truth-y into a Boolean.
|
# transform something truth-y into a Boolean.
|
||||||
return not(not(kv.get('unit-upgrading')))
|
return not (not (kv.get('unit-upgrading')))
|
||||||
except Exception:
|
except Exception:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -952,7 +952,7 @@ def pwgen(length=None):
|
||||||
random_generator = random.SystemRandom()
|
random_generator = random.SystemRandom()
|
||||||
random_chars = [
|
random_chars = [
|
||||||
random_generator.choice(alphanumeric_chars) for _ in range(length)]
|
random_generator.choice(alphanumeric_chars) for _ in range(length)]
|
||||||
return(''.join(random_chars))
|
return ''.join(random_chars)
|
||||||
|
|
||||||
|
|
||||||
def is_phy_iface(interface):
|
def is_phy_iface(interface):
|
||||||
|
|
|
||||||
|
|
@ -222,6 +222,10 @@ CLOUD_ARCHIVE_POCKETS = {
|
||||||
'yoga/proposed': 'focal-proposed/yoga',
|
'yoga/proposed': 'focal-proposed/yoga',
|
||||||
'focal-yoga/proposed': 'focal-proposed/yoga',
|
'focal-yoga/proposed': 'focal-proposed/yoga',
|
||||||
'focal-proposed/yoga': 'focal-proposed/yoga',
|
'focal-proposed/yoga': 'focal-proposed/yoga',
|
||||||
|
|
||||||
|
# OVN
|
||||||
|
'focal-ovn-22.03': 'focal-updates/ovn-22.03',
|
||||||
|
'focal-ovn-22.03/proposed': 'focal-proposed/ovn-22.03',
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -677,6 +681,7 @@ def add_source(source, key=None, fail_invalid=False):
|
||||||
(r"^cloud-archive:(.*)$", _add_apt_repository),
|
(r"^cloud-archive:(.*)$", _add_apt_repository),
|
||||||
(r"^((?:deb |http:|https:|ppa:).*)$", _add_apt_repository),
|
(r"^((?:deb |http:|https:|ppa:).*)$", _add_apt_repository),
|
||||||
(r"^cloud:(.*)-(.*)\/staging$", _add_cloud_staging),
|
(r"^cloud:(.*)-(.*)\/staging$", _add_cloud_staging),
|
||||||
|
(r"^cloud:(.*)-(ovn-.*)$", _add_cloud_distro_check),
|
||||||
(r"^cloud:(.*)-(.*)$", _add_cloud_distro_check),
|
(r"^cloud:(.*)-(.*)$", _add_cloud_distro_check),
|
||||||
(r"^cloud:(.*)$", _add_cloud_pocket),
|
(r"^cloud:(.*)$", _add_cloud_pocket),
|
||||||
(r"^snap:.*-(.*)-(.*)$", _add_cloud_distro_check),
|
(r"^snap:.*-(.*)-(.*)$", _add_cloud_distro_check),
|
||||||
|
|
@ -740,6 +745,11 @@ def _add_apt_repository(spec):
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
def __write_sources_list_d_actual_pocket(file, actual_pocket):
|
||||||
|
with open('/etc/apt/sources.list.d/{}'.format(file), 'w') as apt:
|
||||||
|
apt.write(CLOUD_ARCHIVE.format(actual_pocket))
|
||||||
|
|
||||||
|
|
||||||
def _add_cloud_pocket(pocket):
|
def _add_cloud_pocket(pocket):
|
||||||
"""Add a cloud pocket as /etc/apt/sources.d/cloud-archive.list
|
"""Add a cloud pocket as /etc/apt/sources.d/cloud-archive.list
|
||||||
|
|
||||||
|
|
@ -759,8 +769,9 @@ def _add_cloud_pocket(pocket):
|
||||||
'Unsupported cloud: source option %s' %
|
'Unsupported cloud: source option %s' %
|
||||||
pocket)
|
pocket)
|
||||||
actual_pocket = CLOUD_ARCHIVE_POCKETS[pocket]
|
actual_pocket = CLOUD_ARCHIVE_POCKETS[pocket]
|
||||||
with open('/etc/apt/sources.list.d/cloud-archive.list', 'w') as apt:
|
__write_sources_list_d_actual_pocket(
|
||||||
apt.write(CLOUD_ARCHIVE.format(actual_pocket))
|
'cloud-archive{}.list'.format('' if 'ovn' not in pocket else '-ovn'),
|
||||||
|
actual_pocket)
|
||||||
|
|
||||||
|
|
||||||
def _add_cloud_staging(cloud_archive_release, openstack_release):
|
def _add_cloud_staging(cloud_archive_release, openstack_release):
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue