[keystone-k8s] fix list-ca-certs

Fix list-ca-certs to use certificates from peer
app data as string instead of secret.
Fix remove-ca-cert to read name properly.
Fix combining ca and chain to use certificates
as string from peer app data instead of as a
secret.

Change-Id: I040cbbd6980c95f51d2297019d01538c0b9c5b43
Hemanth Nakkina 2024-02-20 10:39:10 +05:30
parent aafb79a94a
commit f8d14186d6
No known key found for this signature in database
GPG Key ID: 2E4970F7B143168E


@ -595,15 +595,16 @@ export OS_AUTH_VERSION=3
event.fail("Please run action on lead unit.") event.fail("Please run action on lead unit.")
return return
name = event.params.get("name")
certificates_str = ( certificates_str = (
self.peers.get_app_data(CERTIFICATE_TRANSFER_LABEL) or "{}" self.peers.get_app_data(CERTIFICATE_TRANSFER_LABEL) or "{}"
) )
certificates = json.loads(certificates_str) certificates = json.loads(certificates_str)
if event.name not in certificates: if name not in certificates:
event.fail("Certificate bundle does not exist") event.fail("Certificate bundle does not exist")
return return
certificates.pop(event.name) certificates.pop(name)
certificates_str = json.dumps(certificates) certificates_str = json.dumps(certificates)
self.peers.set_app_data({CERTIFICATE_TRANSFER_LABEL: certificates_str}) self.peers.set_app_data({CERTIFICATE_TRANSFER_LABEL: certificates_str})
self._handle_certificate_transfers() self._handle_certificate_transfers()
@ -614,14 +615,11 @@ export OS_AUTH_VERSION=3
event.fail("Please run action on lead unit.") event.fail("Please run action on lead unit.")
return return
certs_secret_id = self.peers.get_app_data(CERTIFICATE_TRANSFER_LABEL) certificates_str = (
if certs_secret_id: self.peers.get_app_data(CERTIFICATE_TRANSFER_LABEL) or "{}"
certs_secret = self.model.get_secret(id=certs_secret_id) )
certificates = certs_secret.get_content() certificates = json.loads(certificates_str)
certificates = json.loads(certificates.get("certs")) event.set_results(certificates)
event.set_results(certificates)
else:
event.set_results({})
def _on_peer_data_changed(self, event: RelationChangedEvent): def _on_peer_data_changed(self, event: RelationChangedEvent):
"""Process fernet updates if possible.""" """Process fernet updates if possible."""
@ -1706,24 +1704,13 @@ export OS_AUTH_VERSION=3
relation_id, relation_name, ops_response=response relation_id, relation_name, ops_response=response
) )
def _get_combined_ca_and_chain(self, certs_secret=None) -> (str, list): def _get_combined_ca_and_chain(self) -> (str, list):
"""Combine all certs for CA and chain. """Combine all certs for CA and chain.
Action add-ca-certs allows to add multiple CA cert and chain certs. Action add-ca-certs allows to add multiple CA cert and chain certs.
Combine all CA certs in the secret and chains in the secret. Combine all CA certs in the secret and chains in the secret.
""" """
if not certs_secret: certificates = self.peers.get_app_data(CERTIFICATE_TRANSFER_LABEL)
certs_secret_id = self.peers.get_app_data(
CERTIFICATE_TRANSFER_LABEL
)
if not certs_secret_id:
logger.debug("No certificates to transfer")
return "", []
certs_secret = self.model.get_secret(id=certs_secret_id)
certificates = certs_secret.get_content()
certificates = json.loads(certificates.get("certs"))
if not certificates: if not certificates:
logger.debug("No certificates to transfer") logger.debug("No certificates to transfer")
return "", [] return "", []
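Review bot: In `_get_combined_ca_and_chain` the new side binds the raw peer-app-data string to `certificates` and removes the old `json.loads(...)` step, so unless code after this hunk parses it, the bundles would be read from a `str` instead of a dict. The function body continues outside the hunk, so this cannot be confirmed from here; if the parse is missing, add `certificates = json.loads(certificates)` right after the empty check, as the remove-ca-cert and list-ca-certs handlers above do. The docstring still says the certs live "in the secret"; I would change that line to `Combine all CA certs and chains stored in the peer app data.` Because the result is distributed as CA trust material, a malformed or non-dict value here should fail loudly rather than yield an empty or partial bundle.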