Resolve hostnames if needed to allow access in ufw

In some cases juju 1.25 (with maas 1.9) may return a hostname in the
private-address field breaking the assumption that private-address will
always be an IP address. This patch uses socket.getaddrinfo() to assure
an IP address is given to ufw.

Change-Id: I99b0110beed6075164eb549ec2433071af699c04
Closes-Bug: 1747516

lib/swift_storage_utils.py

@@ -1,6 +1,7 @@
 import json
 import os
 import re
+import socket
 import subprocess
 import shutil
 import tempfile
@@ -136,6 +137,20 @@ FIRST = 1
 KV_DB_PATH = '/var/lib/juju/swift_storage/charm_kvdata.db'
 
 
+def _ensure_ip(value):
+    """Ensure to always return an ip address.
+
+    :param value: IP address or domain
+
+    See LP: #1747516
+    """
+    if not value:
+        return value
+
+    resp = socket.getaddrinfo(value, None)
+    return resp[0][4][0]
+
+
 def ensure_swift_directories():
     '''
     Ensure all directories required for a swift storage node exist with
@@ -620,7 +635,7 @@ def setup_ufw():
     allowed_hosts = RsyncContext()().get('allowed_hosts', '').split(' ')
 
     # Storage clients (swift-proxy)
-    allowed_hosts += [ingress_address(rid=u.rid, unit=u.unit)
+    allowed_hosts += [_ensure_ip(ingress_address(rid=u.rid, unit=u.unit))
                       for u in iter_units_for_relation_name('swift-storage')]
 
     # Grant access for peers and clients

unit_tests/test_swift_storage_utils.py

@@ -500,3 +500,10 @@ class SwiftStorageUtilsTests(CharmTestCase):
             for port in ports:
                 calls.append(call(addr, port))
         mock_grant_access.assert_has_calls(calls)
+
+    def test_ensure_ip(self):
+        self.assertEqual(swift_utils._ensure_ip('ubuntu.com'), '91.189.94.40')
+        self.assertEqual(swift_utils._ensure_ip('91.189.94.40'),
+                         '91.189.94.40')
+        self.assertEqual(swift_utils._ensure_ip('2001:67c:1560:8001::14'),
+                         '2001:67c:1560:8001::14')