From 91394ea9d64fba5cddd80614fd97ee891dd1f3e2 Mon Sep 17 00:00:00 2001 From: Alex Kavanagh Date: Thu, 13 Feb 2020 16:03:43 +0000 Subject: [PATCH] Ensure python3-hvac is installed for charms with encypt option The referenced bug is essentially: make vault:secrets relation to vault but keep the 'encrypt' option as False. In this case, the Context handling code in charm-helpers is expecting python3-hvac to be available, but it is only installed if the encrypt option is set to True. Hence the charm crashes. This resolves that crash. Note the related charm-helpers fix [1]. [1]: https://github.com/juju/charm-helpers/pull/431 Change-Id: I92773b7c1f48d456091062751e69581fabe4c5f3 Closes-bug: #1862085 --- charmhelpers/contrib/openstack/vaultlocker.py | 14 +++++++++++++- hooks/swift_storage_hooks.py | 2 +- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/charmhelpers/contrib/openstack/vaultlocker.py b/charmhelpers/contrib/openstack/vaultlocker.py index c162de2..866a269 100644 --- a/charmhelpers/contrib/openstack/vaultlocker.py +++ b/charmhelpers/contrib/openstack/vaultlocker.py @@ -37,7 +37,19 @@ class VaultKVContext(context.OSContextGenerator): ) def __call__(self): - import hvac + try: + import hvac + except ImportError: + # BUG: #1862085 - if the relation is made to vault, but the + # 'encrypt' option is not made, then the charm errors with an + # import warning. This catches that, logs a warning, and returns + # with an empty context. + hookenv.log("VaultKVContext: trying to use hvac pythong module " + "but it's not available. Is secrets-stroage relation " + "made, but encrypt option not set?", + level=hookenv.WARNING) + # return an emptry context on hvac import error + return {} ctxt = {} # NOTE(hopem): see https://bugs.launchpad.net/charm-helpers/+bug/1849323 db = unitdata.kv() diff --git a/hooks/swift_storage_hooks.py b/hooks/swift_storage_hooks.py index 381ced4..f09a900 100755 --- a/hooks/swift_storage_hooks.py +++ b/hooks/swift_storage_hooks.py @@ -259,7 +259,7 @@ def config_changed(): def install_vaultlocker(): """Determine whether vaultlocker is required and install""" if config('encrypt'): - pkgs = ['vaultlocker', 'python-hvac'] + pkgs = ['vaultlocker'] installed = len(filter_installed_packages(pkgs)) == 0 if not installed: apt_install(pkgs, fatal=True)