From 03469343bf8071131dd297e5d53e861ed5c8ba46 Mon Sep 17 00:00:00 2001 From: alesstimec Date: Tue, 4 Jul 2023 10:36:17 +0200 Subject: [PATCH] k8s charm: Fix for the vault relation. Charm now persists vault data in unit state and ensures the file is pushed to the workload container on every update. --- charms/jimm-k8s/src/charm.py | 30 ++++++++++++++++++++---- charms/jimm-k8s/tests/unit/test_charm.py | 3 ++- 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/charms/jimm-k8s/src/charm.py b/charms/jimm-k8s/src/charm.py index 80f5a12b5..b42a766fc 100755 --- a/charms/jimm-k8s/src/charm.py +++ b/charms/jimm-k8s/src/charm.py @@ -79,6 +79,7 @@ def __init__(self, *args): super().__init__(*args) self._state = State(self.app, lambda: self.model.get_relation("peer")) + self._unit_state = State(self.unit, lambda: self.model.get_relation("peer")) self.framework.observe(self.on.peer_relation_changed, self._on_peer_relation_changed) self.framework.observe(self.on.jimm_pebble_ready, self._on_jimm_pebble_ready) @@ -214,6 +215,7 @@ def _update_workload(self, event): return self._ensure_bakery_agent_file(event) + self._ensure_vault_file(event) self._install_dashboard(event) dns_name = self._get_dns_name(event) @@ -282,6 +284,7 @@ def _update_workload(self, event): else: logger.info("workload container not ready - defering") event.defer() + return dashboard_relation = self.model.get_relation("dashboard") if dashboard_relation and self.unit.is_leader(): @@ -385,6 +388,7 @@ def _install_dashboard(self, event): # this event. if not container.can_connect(): event.defer() + return # fetch the resource filename try: 
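Review bot: In the `_update_workload` hunk at -214 the outcome of the new `self._ensure_vault_file(event)` call is ignored: when unit state is not ready the helper calls `event.defer()` and returns, yet `_update_workload` carries on configuring the workload, possibly without the vault secret file in place. Consider having the helper return a bool and guarding the call, `if not self._ensure_vault_file(event): return`. The `return` added in `_install_dashboard` (hunk at -385) has the same limitation, since it leaves only the helper and not the caller. `_update_workload` starts and ends outside this hunk, so whether the later code tolerates a missing file should be confirmed.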
@@ -465,10 +469,14 @@ def _on_vault_relation_joined(self, event): event.relation.data[self.unit]["access_address"] = json.dumps(self._get_network_address(event)) event.relation.data[self.unit]["isolated"] = json.dumps(False) - @requires_state_setter - def _on_vault_relation_changed(self, event): + def _ensure_vault_file(self, event): container = self.unit.get_container(WORKLOAD_CONTAINER) + if not self._unit_state.is_ready(): + logger.info("unit state not ready") + event.defer() + return + # if we can't connect to the container we should defer # this event. if not container.can_connect(): @@ -478,6 +486,16 @@ def _on_vault_relation_changed(self, event): if container.exists(self._vault_secret_filename): container.remove_path(self._vault_secret_filename) + secret_data = self._unit_state.vault_secret_data + if secret_data: + self._push_to_workload(self._vault_secret_filename, secret_data, event) + + def _on_vault_relation_changed(self, event): + if not self._unit_state.is_ready() or not self._state.is_ready(): + logger.info("state not ready") + event.defer() + return + addr = _json_data(event, "vault_url") if not addr: return @@ -492,9 +510,13 @@ def _on_vault_relation_changed(self, event): secret["data"]["role_id"] = role_id secret_data = json.dumps(secret) - self._push_to_workload(self._vault_secret_filename, secret_data, event) - self._state.vault_address = addr + logger.error("setting unit state data {}".format(secret_data)) + self._unit_state.vault_secret_data = secret_data + if self.unit.is_leader(): + self._state.vault_address = addr + + self._update_workload(event) def _path_exists_in_workload(self, path: str): """Returns true if the specified path exists in the diff --git a/charms/jimm-k8s/tests/unit/test_charm.py b/charms/jimm-k8s/tests/unit/test_charm.py index 0ad50b4ba..c0b34f78b 100644 --- a/charms/jimm-k8s/tests/unit/test_charm.py +++ b/charms/jimm-k8s/tests/unit/test_charm.py 
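Review bot: `_ensure_vault_file` reads the credential JSON back from `self._unit_state.vault_secret_data`, and `_unit_state` is built over the `peer` relation (hunk at -79), so the Vault credentials appear to be held in peer relation data rather than in a secret store. If `State` does write to the relation databag, peer units and anyone able to inspect relation data can read them; confirm that, and consider a Juju secret or at least a comment stating the exposure. The existing file is also removed before the push and nothing is pushed when `secret_data` is empty, so a failed or skipped push leaves the workload without credentials; overwriting in place would close that window. The new helper has no docstring; `"""Push the vault secret held in unit state to the workload container."""` would do.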
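Review bot: The added `logger.error("setting unit state data {}".format(secret_data))` in the hunk at -492 writes the serialized vault secret to the charm log, and does so at error level although nothing has failed. `secret_data` is the JSON that ends up in the vault secret file and includes `role_id`, so the credentials become readable by anyone with log access and are retained wherever logs are shipped. Log the event without the payload, e.g. `logger.info("storing vault secret data in unit state")`. `_on_vault_relation_changed` builds `secret` above the hunk, so its other fields are not visible here.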
@@ -42,7 +42,8 @@ def setUp(self): self.addCleanup(self.tempdir.cleanup) self.harness.charm.framework.charm_dir = pathlib.Path(self.tempdir.name) - self.harness.add_relation("peer", "jimm") + jimm_id = self.harness.add_relation("peer", "juju-jimm-k8s") + self.harness.add_relation_unit(jimm_id, "juju-jimm-k8s/1") self.harness.container_pebble_ready("jimm") rel_id = self.harness.add_relation("ingress", "nginx-ingress")
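Review bot: No test covers the new vault path: the diffstat shows only these three lines changed in `test_charm.py`, and they adjust the peer relation fixture in `setUp`. A test that sets the vault relation data, then asserts that the secret file exists in the workload container after `_update_workload` and is still there after a second update, would pin the behaviour the commit message describes. `setUp` continues outside the hunk.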