Defer processing of certificates until cert present

When ``certificates-relation-changed`` hook is called before the certificate data is present on the relation do not attempt to configure apache. Change-Id: If915451d4b0846023355edcf3a49f643e12c7522 Closes-Bug: #1822952
2019-04-09 11:53:00 +02:00 · 2019-04-09 11:53:00 +02:00 · 0faecdf97a
parent e53146ec22
commit 0faecdf97a
4 changed files with 19 additions and 4 deletions
--- a/charmhelpers/contrib/openstack/cert_utils.py
+++ b/charmhelpers/contrib/openstack/cert_utils.py
@ -220,6 +220,8 @@ def process_certificates(service_name, relation_id, unit,
    :type user: str
    :param group: (Optional) Group of certificate files. Defaults to 'root'
    :type group: str
+    :returns: True if certificates processed for local unit or False
+    :rtype: bool
    """
    data = relation_get(rid=relation_id, unit=unit)
    ssl_dir = os.path.join('/etc/apache2/ssl/', service_name)
@ -235,6 +237,8 @@ def process_certificates(service_name, relation_id, unit,
        create_ip_cert_links(
            ssl_dir,
            custom_hostname_link=custom_hostname_link)
+        return True
+    return False


 def get_requests_for_local_unit(relation_name=None):
--- a/charmhelpers/contrib/openstack/utils.py
+++ b/charmhelpers/contrib/openstack/utils.py
@ -194,7 +194,7 @@ SWIFT_CODENAMES = OrderedDict([
    ('rocky',
        ['2.18.0', '2.19.0']),
    ('stein',
-        ['2.20.0']),
+        ['2.20.0', '2.21.0']),
 ])

 # >= Liberty version->codename mapping
--- a/hooks/keystone_hooks.py
+++ b/hooks/keystone_hooks.py
@ -798,9 +798,14 @@ def certs_changed(relation_id=None, unit=None):
    # before
    @restart_on_change(restart_map(), stopstart=True)
    def write_certs_and_config():
-        process_certificates('keystone', relation_id, unit)
-        configure_https()
-    write_certs_and_config()
+        if process_certificates('keystone', relation_id, unit):
+            configure_https()
+            return True
+        return False
+    if not write_certs_and_config():
+        log('no certificates for us on the relation yet, deferring.',
+            level=INFO)
+        return
    # If enabling https the identity endpoints need updating.
    if (is_db_initialised() and is_elected_leader(CLUSTER_RES) and not
            is_unit_paused_set()):
--- a/unit_tests/test_keystone_hooks.py
+++ b/unit_tests/test_keystone_hooks.py
@ -964,8 +964,14 @@ class KeystoneRelationTests(CharmTestCase):
        is_db_initialised.return_value = True
        is_elected_leader.return_value = True
        is_unit_paused_set.return_value = False
+        process_certificates.return_value = False
        hooks.certs_changed()
        process_certificates.assert_called_once_with('keystone', None, None)
+        self.assertFalse(configure_https.called)
+        self.assertFalse(ensure_initial_admin.called)
+        process_certificates.reset_mock()
+        process_certificates.return_value = True
+        hooks.certs_changed()
        configure_https.assert_called_once_with()
        is_db_initialised.assert_called_once_with()
        is_elected_leader.assert_called_once_with('grp_ks_vips')