Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add vault caching of secrets on relation test #1153

Open
wants to merge 1 commit into
base: stable/zed
Choose a base branch
from
Open

Add vault caching of secrets on relation test #1153

wants to merge 1 commit into from

Conversation

xtrusia
Copy link
Contributor

@xtrusia xtrusia commented Oct 13, 2023

This specific test is for the certificates relation to ensure that the data presented to units related to vault have a consistent set of data.

(cherry picked from commit 752e643)

@ajkavanagh @xtrusia
Add vault cachine of secrets on relation test
4ae3479 
This specific test is for the certificates relation to ensure that the
data presented to units related to vault have a consistent set of data.

(cherry picked from commit 752e643)
@ajkavanagh ajkavanagh changed the title Add vault cachine of secrets on relation test Add vault caching of secrets on relation test Oct 13, 2023
ajkavanagh
ajkavanagh requested changes Oct 13, 2023
View reviewed changes
Copy link
Contributor

@ajkavanagh ajkavanagh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This patch isn't in the stable/antelope branch (yet), so can't be merged here until it is merged in stable/antelope.

openstack-mirroring pushed a commit to openstack/charm-vault that referenced this pull request Jan 5, 2024
@mkalcok @xtrusia
Implement cert cache for vault units (v4)
56ca825 
This cache is used to store certificates and keys
issued by the leader unit. Non-leader units read
these certificates and keep data in their
"tls-certificates" relations up to date.
This ensures that charm units that receive certs
from vault can read from relation data of any
vault unit and receive correct data.

This patch is mostly the same as
I18aa6c9193379ea454851b6f60a8f331ef88a980
but improved to avoid LP#1896542 by removing
the section where a certificate can be reused
from cache during create_certs.

Co-Authored-By: Rodrigo Barbieri <rodrigo.barbieri@canonical.com>
Co-Authored-By: Alex Kavanagh <alex.kavanagh@canonical.com>

func-test-pr: openstack-charmers/zaza-openstack-tests#1153

Closes-Bug: #1940549
Closes-Bug: #1983269
Closes-Bug: #1845961
Related-Bug: #1896542
Change-Id: I0cca13d2042d61ffc6a7c13eccb0ec8c292020c9
(cherry picked from commit 1a1953b)
openstack-mirroring pushed a commit to openstack/charm-vault that referenced this pull request Jan 5, 2024
@ajkavanagh @xtrusia
Fix broken v4 caching due to leader-get asymmetry
0a18ac2 
leader-get decodes using json, but leader-set just sets the keys. This
wasn't taken into consideration when fetching all the keys to filter for
cached keys when a relation is leaving.  This is resolved in this patch.


func-test-pr: openstack-charmers/zaza-openstack-tests#1153

Change-Id: I2d44ec0c43c1ecffd9ac77a1162ead4e4a01aabe
(cherry picked from commit d925ac7)
openstack-mirroring pushed a commit to openstack/charm-vault that referenced this pull request Jan 10, 2024
@mkalcok @xtrusia
Implement cert cache for vault units (v4)
a3ff396 
This cache is used to store certificates and keys
issued by the leader unit. Non-leader units read
these certificates and keep data in their
"tls-certificates" relations up to date.
This ensures that charm units that receive certs
from vault can read from relation data of any
vault unit and receive correct data.

This patch is mostly the same as
I18aa6c9193379ea454851b6f60a8f331ef88a980
but improved to avoid LP#1896542 by removing
the section where a certificate can be reused
from cache during create_certs.

Co-Authored-By: Rodrigo Barbieri <rodrigo.barbieri@canonical.com>
Co-Authored-By: Alex Kavanagh <alex.kavanagh@canonical.com>

func-test-pr: openstack-charmers/zaza-openstack-tests#1153

Closes-Bug: #1940549
Closes-Bug: #1983269
Closes-Bug: #1845961
Related-Bug: #1896542
Change-Id: I0cca13d2042d61ffc6a7c13eccb0ec8c292020c9
(cherry picked from commit 1a1953b)
(cherry picked from commit 56ca825)
openstack-mirroring pushed a commit to openstack/charm-vault that referenced this pull request Jan 10, 2024
@ajkavanagh @xtrusia
Fix broken v4 caching due to leader-get asymmetry
9c32533 
leader-get decodes using json, but leader-set just sets the keys. This
wasn't taken into consideration when fetching all the keys to filter for
cached keys when a relation is leaving.  This is resolved in this patch.

func-test-pr: openstack-charmers/zaza-openstack-tests#1153

Change-Id: I2d44ec0c43c1ecffd9ac77a1162ead4e4a01aabe
(cherry picked from commit d925ac7)
(cherry picked from commit 0a18ac2)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ajkavanagh ajkavanagh ajkavanagh requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@xtrusia @ajkavanagh