openstack
/
charm-heat
Code Issues Proposed changes

[train] Ensure get_requests_for_local_unit doesn't fail on incomplete relation 

This is a rebuild/make sync for charms to pickup the fix in charmhelpers to fix
any inadvertant accesses of ['ca'] in the relation data before it is available
from vault in the certificates relation.  Fix in charmhelpers is in [1].

[1] https://github.com/juju/charm-helpers/pull/832
Closes-Bug: #2028683

Change-Id: I92cff3db5aba8ca734d8a78a1875c2727360fb45
This commit is contained in:
Alex Kavanagh 2023-08-18 15:04:43 +01:00
parent ed6817083c
commit e21b394efc
9 changed files with 69 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
hooks/charmhelpers/contrib/hahelpers/cluster.py
View File

@ -224,6 +224,13 @@ def https():
return True return True
if config_get('ssl_cert') and config_get('ssl_key'): if config_get('ssl_cert') and config_get('ssl_key'):
return True return True
# Local import to avoid ciruclar dependency.
import charmhelpers.contrib.openstack.cert_utils as cert_utils
if (
cert_utils.get_certificate_request() and not
cert_utils.get_requests_for_local_unit("certificates")
):
return False
for r_id in relation_ids('certificates'): for r_id in relation_ids('certificates'):
for unit in relation_list(r_id): for unit in relation_list(r_id):
ca = relation_get('ca', rid=r_id, unit=unit) ca = relation_get('ca', rid=r_id, unit=unit)
@ -327,7 +334,7 @@ def valid_hacluster_config():
''' '''
vip = config_get('vip') vip = config_get('vip')
dns = config_get('dns-ha') dns = config_get('dns-ha')
if not(bool(vip) ^ bool(dns)): if not (bool(vip) ^ bool(dns)):
msg = ('HA: Either vip or dns-ha must be set but not both in order to ' msg = ('HA: Either vip or dns-ha must be set but not both in order to '
'use high availability') 'use high availability')
status_set('blocked', msg) status_set('blocked', msg)

2
hooks/charmhelpers/contrib/network/ip.py
View File

@ -552,7 +552,7 @@ def port_has_listener(address, port):
""" """
cmd = ['nc', '-z', address, str(port)] cmd = ['nc', '-z', address, str(port)]
result = subprocess.call(cmd) result = subprocess.call(cmd)
return not(bool(result)) return not (bool(result))
def assert_charm_supports_ipv6(): def assert_charm_supports_ipv6():

30
hooks/charmhelpers/contrib/openstack/cert_utils.py
View File

@ -409,13 +409,33 @@ def get_requests_for_local_unit(relation_name=None):
relation_name = relation_name or 'certificates' relation_name = relation_name or 'certificates'
bundles = [] bundles = []
for rid in relation_ids(relation_name): for rid in relation_ids(relation_name):
sent = relation_get(rid=rid, unit=local_unit())
legacy_keys = ['certificate_name', 'common_name']
is_legacy_request = set(sent).intersection(legacy_keys)
for unit in related_units(rid): for unit in related_units(rid):
data = relation_get(rid=rid, unit=unit) data = relation_get(rid=rid, unit=unit)
if data.get(raw_certs_key): # Note: Bug#2028683 - data may not be available if the certificates
bundles.append({ # relation hasn't been populated by the providing charm. If no 'ca'
'ca': data['ca'], # in the data then don't attempt the bundle at all.
'chain': data.get('chain'), if data.get('ca'):
'certs': json.loads(data[raw_certs_key])}) if data.get(raw_certs_key):
bundles.append({
'ca': data['ca'],
'chain': data.get('chain'),
'certs': json.loads(data[raw_certs_key])
})
elif is_legacy_request:
bundles.append({
'ca': data['ca'],
'chain': data.get('chain'),
'certs': {
sent['common_name']: {
'cert': data.get(local_name + '.server.cert'),
'key': data.get(local_name + '.server.key')
}
}
})
return bundles return bundles

4
hooks/charmhelpers/contrib/openstack/ssh_migrations.py
View File

@ -310,7 +310,7 @@ def ssh_known_hosts_lines(application_name, user=None):
for hosts_line in hosts: for hosts_line in hosts:
if hosts_line.rstrip(): if hosts_line.rstrip():
known_hosts_list.append(hosts_line.rstrip()) known_hosts_list.append(hosts_line.rstrip())
return(known_hosts_list) return known_hosts_list
def ssh_authorized_keys_lines(application_name, user=None): def ssh_authorized_keys_lines(application_name, user=None):
@ -327,7 +327,7 @@ def ssh_authorized_keys_lines(application_name, user=None):
for authkey_line in keys: for authkey_line in keys:
if authkey_line.rstrip(): if authkey_line.rstrip():
authorized_keys_list.append(authkey_line.rstrip()) authorized_keys_list.append(authkey_line.rstrip())
return(authorized_keys_list) return authorized_keys_list
def ssh_compute_remove(public_key, application_name, user=None): def ssh_compute_remove(public_key, application_name, user=None):

30
hooks/charmhelpers/contrib/openstack/utils.py
View File

@ -1039,7 +1039,7 @@ def _determine_os_workload_status(
state, message, lambda: charm_func(configs)) state, message, lambda: charm_func(configs))
if state is None: if state is None:
state, message = _ows_check_services_running(services, ports) state, message = ows_check_services_running(services, ports)
if state is None: if state is None:
state = 'active' state = 'active'
@ -1213,7 +1213,12 @@ def _ows_check_charm_func(state, message, charm_func_with_configs):
return state, message return state, message
@deprecate("use ows_check_services_running() instead", "2022-05", log=juju_log)
def _ows_check_services_running(services, ports): def _ows_check_services_running(services, ports):
return ows_check_services_running(services, ports)
def ows_check_services_running(services, ports):
"""Check that the services that should be running are actually running """Check that the services that should be running are actually running
and that any ports specified are being listened to. and that any ports specified are being listened to.
@ -1320,7 +1325,7 @@ def _check_listening_on_services_ports(services, test=False):
@param test: default=False, if False, test for closed, otherwise open. @param test: default=False, if False, test for closed, otherwise open.
@returns OrderedDict(service: [port-not-open, ...]...), [boolean] @returns OrderedDict(service: [port-not-open, ...]...), [boolean]
""" """
test = not(not(test)) # ensure test is True or False test = not (not (test)) # ensure test is True or False
all_ports = list(itertools.chain(*services.values())) all_ports = list(itertools.chain(*services.values()))
ports_states = [port_has_listener('0.0.0.0', p) for p in all_ports] ports_states = [port_has_listener('0.0.0.0', p) for p in all_ports]
map_ports = OrderedDict() map_ports = OrderedDict()
@ -1544,7 +1549,7 @@ def is_unit_paused_set():
with unitdata.HookData()() as t: with unitdata.HookData()() as t:
kv = t[0] kv = t[0]
# transform something truth-y into a Boolean. # transform something truth-y into a Boolean.
return not(not(kv.get('unit-paused'))) return not (not (kv.get('unit-paused')))
except Exception: except Exception:
return False return False
@ -2143,7 +2148,7 @@ def is_unit_upgrading_set():
with unitdata.HookData()() as t: with unitdata.HookData()() as t:
kv = t[0] kv = t[0]
# transform something truth-y into a Boolean. # transform something truth-y into a Boolean.
return not(not(kv.get('unit-upgrading'))) return not (not (kv.get('unit-upgrading')))
except Exception: except Exception:
return False return False
@ -2599,6 +2604,23 @@ def get_subordinate_release_packages(os_release, package_type='deb'):
return SubordinatePackages(install, purge) return SubordinatePackages(install, purge)
def get_subordinate_services():
"""Iterate over subordinate relations and get service information.
In a similar fashion as with get_subordinate_release_packages(),
principle charms can retrieve a list of services advertised by their
subordinate charms. This is useful to know about subordinate services when
pausing, resuming or upgrading a principle unit.
:returns: Name of all services advertised by all subordinates
:rtype: Set[str]
"""
services = set()
for rdata in container_scoped_relation_get('services'):
services |= set(json.loads(rdata or '[]'))
return services
os_restart_on_change = partial( os_restart_on_change = partial(
pausable_restart_on_change, pausable_restart_on_change,
can_restart_now_f=deferred_events.check_and_record_restart_request, can_restart_now_f=deferred_events.check_and_record_restart_request,

4
hooks/charmhelpers/contrib/storage/linux/ceph.py
View File

@ -813,8 +813,10 @@ def get_mon_map(service):
ceph command fails. ceph command fails.
""" """
try: try:
octopus_or_later = cmp_pkgrevno('ceph-common', '15.0.0') >= 0
mon_status_cmd = 'quorum_status' if octopus_or_later else 'mon_status'
mon_status = check_output(['ceph', '--id', service, mon_status = check_output(['ceph', '--id', service,
'mon_status', '--format=json']) mon_status_cmd, '--format=json'])
if six.PY3: if six.PY3:
mon_status = mon_status.decode('UTF-8') mon_status = mon_status.decode('UTF-8')
try: try:

2
hooks/charmhelpers/core/host.py
View File

@ -926,7 +926,7 @@ def pwgen(length=None):
random_generator = random.SystemRandom() random_generator = random.SystemRandom()
random_chars = [ random_chars = [
random_generator.choice(alphanumeric_chars) for _ in range(length)] random_generator.choice(alphanumeric_chars) for _ in range(length)]
return(''.join(random_chars)) return ''.join(random_chars)
def is_phy_iface(interface): def is_phy_iface(interface):

2
hooks/charmhelpers/fetch/snap.py
View File

@ -52,7 +52,7 @@ def _snap_exec(commands):
:param commands: List commands :param commands: List commands
:return: Integer exit code :return: Integer exit code
""" """
assert type(commands) == list assert isinstance(commands, list)
retry_count = 0 retry_count = 0
return_code = None return_code = None

3
tox.ini
View File

@ -80,7 +80,8 @@ commands = stestr run --slowest {posargs}
[testenv:pep8] [testenv:pep8]
basepython = python3 basepython = python3
deps = flake8==3.9.2 deps = flake8==3.9.2
charm-tools==2.8.3 PyYAML==6.0.1
charm-tools==2.8.6
commands = flake8 {posargs} hooks unit_tests tests actions lib files commands = flake8 {posargs} hooks unit_tests tests actions lib files
charm-proof charm-proof