Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSS-4803 - Vault relation fixes and extra logging #1002

Merged
merged 9 commits into from
Jul 19, 2023
Merged

CSS-4803 - Vault relation fixes and extra logging #1002

merged 9 commits into from
Jul 19, 2023

Conversation

kian99
Copy link
Contributor

@kian99 kian99 commented Jul 17, 2023

Description

  • Fixes Vault relation that previously wasn't setting up the Vault token correctly.
  • Also added readme file with manual steps for deploying JIMM for future reference.
  • Tweaked where we obtained the Vault access address from, instead of obtaining it programatically, we use config as it will be tough to automatically determine when JIMM is deployed separately from Vault as it will be in a k8s charm.

Engineering checklist

Check only items that apply

  • Documentation updated
  • Covered by unit tests
  • Covered by integration tests

@kian99
Vault relation fixes and extra logging
43635f5 
- Also added readme file with manual steps for deploying JIMM for future reference.
@kian99
Added charm test
0dfb8d5
@kian99 kian99 requested review from alesstimec, babakks, ale8k and mina1460 and removed request for alesstimec July 17, 2023 13:45
@kian99
Modified where the vault access comes from
743af33 
- Vault access address now comes from config as it would be difficult to determine programatically
- Added test to ensure JIMM enters an error state
ale8k
ale8k approved these changes Jul 17, 2023
View reviewed changes
Copy link
Contributor

@ale8k ale8k left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM bar some questions

charms/jimm-k8s/config.yaml Show resolved Hide resolved
charms/jimm-k8s/src/charm.py Show resolved Hide resolved
charms/jimm-k8s/src/charm.py Outdated Show resolved Hide resolved
charms/jimm-k8s/src/charm.py Show resolved Hide resolved
internal/jimmjwx/jwt.go Show resolved Hide resolved
alesstimec
alesstimec approved these changes Jul 19, 2023
View reviewed changes
Copy link
Collaborator

@alesstimec alesstimec left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.. but i think the charm should go into blocked state if the vault-access-address is not specified.. what do you think?

charms/how-to-deploy-jimm-k8s.md
@@ -0,0 +1,48 @@
# Description
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this should really live in the jaas-documentation repo..

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mmmm good point. I think we can leave it here for now and I'll move it in a follow-up

charms/jimm-k8s/src/charm.py
@@ -499,9 +507,13 @@ def _get_network_address(self, event):
return str(self.model.get_binding(event.relation).network.egress_subnets[0].network_address)

def _on_vault_relation_joined(self, event):
if self.config.get("vault-access-address") is None:
logger.error("Missing config vault-access-address for vault relation")
raise ValueError("Missing config vault-access-address for vault relation")
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we just enter into blocked status if this is the case? and defer the event?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The reason I've set it to go into an error state instead is so that it doesn't keep re-retrying endlessly and instead you can set the missing config and then run juju resolve <charm> which will rerun the hook. Maybe that's not the right way to handle it?

@kian99 kian99 merged commit d2a93f2 into canonical:feature-rebac Jul 19, 2023
@kian99 kian99 deleted the vault-relation-fix branch July 19, 2023 13:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ale8k ale8k ale8k approved these changes

@alesstimec alesstimec alesstimec approved these changes

@babakks babakks Awaiting requested review from babakks

@mina1460 mina1460 Awaiting requested review from mina1460

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kian99 @alesstimec @ale8k