From 6dfdf18c9fb7c3f09d2bb2140ef429b6c54ec9dc Mon Sep 17 00:00:00 2001
From: Hemanth Nakkina
Date: Sun, 31 Mar 2024 12:57:44 +0530
Subject: [PATCH] [keystone] set ownership on fernet and credential directories

In some storage providers, the ownership of fernet and credential keys directory is root. Change this to keystone:keystone. In some storage providers, the fernet and credential key directory has lost+foind directory. Ignore them while reading the fernet keys.
Change-Id: I329bd268afb3caf088937d06b106811632fc5417
---
 charms/keystone-k8s/src/utils/manager.py | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/charms/keystone-k8s/src/utils/manager.py b/charms/keystone-k8s/src/utils/manager.py
index 4e125d88..4ca12cfa 100644
--- a/charms/keystone-k8s/src/utils/manager.py
+++ b/charms/keystone-k8s/src/utils/manager.py
@@ -195,7 +195,12 @@ class KeystoneManager(framework.Object):
 """Pull the fernet keys from the on-disk repository."""
 container = self.charm.unit.get_container(self.container_name)
 files = container.list_files(key_repository)
- return {file.name: container.pull(file.path).read() for file in files}
+ # Ignore file type directory. This is to ignore lost+found directory
+ return {
+ file.name: container.pull(file.path).read()
+ for file in files
+ if file.type == ops.pebble.FileType.FILE
+ }
 
 def write_keys(self, key_repository: str, keys: Mapping[str, str]) -> None:
 """Update the local fernet key repository with the provided keys."""
@@ -274,6 +279,14 @@ class KeystoneManager(framework.Object):
 try:
 self._set_status("Setting up fernet tokens")
 logger.info("Setting up fernet tokens...")
+ self.run_cmd(
+ [
+ "sudo",
+ "chown",
+ "keystone:keystone",
+ "/etc/keystone/fernet-keys",
+ ]
+ )
 self.run_cmd(
 [
 "sudo",
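Review bot: The filter added to `read_keys` still returns every regular file in the repository, so a stray non-key file (an editor backup, provider metadata) would be pulled and presumably treated as key material by whatever consumes this mapping. Keystone's own key loader, as far as I know, only reads integer-named files, so `if file.type == ops.pebble.FileType.FILE and file.name.isdigit()` would match it, assuming nothing else is meant to live in these directories. The comment also undersells the check, since symlinks and other non-file entries are skipped as well; something like `# Keep regular files only: skips directories such as lost+found, and symlinks.` would say what the condition does. The patch adds no import line, so confirm `ops.pebble` is already bound in manager.py; `framework.Object` suggests `from ops import framework`, which on its own would not bind `ops`.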
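Review bot: The `chown` added before the fernet setup command changes only the owner of the directory itself; it is not recursive and leaves the mode as the storage provider created it, so root-owned files already inside may stay unreadable to keystone and a mount point created `0755` stays listable by other users in the container. Consider following it with `["sudo", "chmod", "0700", "/etc/keystone/fernet-keys"]`, and decide explicitly whether `-R` is wanted, given that it would also re-own `lost+found`. The same applies to the `/etc/keystone/credential-keys` call in the `@@ -296,6 +309,14 @@` hunk. Both paths are repeated as string literals; a module-level constant shared with the `key_repository` callers would keep them from drifting. The enclosing methods start and end outside these hunks, so how a failed `chown` is reported depends on an `except` clause that is not shown here.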
@@ -296,6 +309,14 @@ class KeystoneManager(framework.Object):
 try:
 self._set_status("Setting up credentials")
 logger.info("Setting up credentials...")
+ self.run_cmd(
+ [
+ "sudo",
+ "chown",
+ "keystone:keystone",
+ "/etc/keystone/credential-keys",
+ ]
+ )
 self.run_cmd(
 [
 "sudo",