Commit Graph

1594 Commits

Author SHA1 Message Date
Alex Kavanagh 16b543572d Updates for caracal tox.ini
Update the tox.ini file(s) to use the constraints file from
zaza-openstack-tests.

Change-Id: Ied77c915fd5dbfdf9a15acee0b721a352307e3dc
2024-02-24 20:11:45 +00:00
Alex Kavanagh 004576e82b Updates for caracal testing support
These updates, on the master branch, are to support testing the caracal
packages and support of the charms for caracal.  They do NOT lock the charms
down, and don't change the testing branches to stable branches.

Change-Id: If3fd48454e7959fdd6e2e1708b80a97c76576063
2024-02-12 18:19:56 +00:00
Zuul ae431710e0 Merge "Adds service_user_id into relation data" 2024-01-15 18:48:09 +00:00
Erlon R. Cruz 86a323abfe Adds service_user_id into relation data
This is necessary to avoid collisions between
same usernames used service users.

Depends-on: I4fbfa8fba84b11c4e30e4db9a0c358db1e8c94f1
Closes-Bug: #2030755
Change-Id: I500fd131cbd6cd5c2b38fdbe81b8b48e50a3e3f7
2023-10-24 16:11:37 -03:00
Alex Kavanagh 85571b5837 Improve platform mocking
Patch out charmhelpers.osplatform.get_platform() and
charmhelpers.core.host.lsb_release() globally in the unit tests to
insulate the unit tests from the platform that the unit tests are being
run on.

Change-Id: I4fbfa8fba84b11c4e30e4db9a0c358db1e8c94f1
2023-10-24 18:40:05 +01:00
zhhuabj b4ee292bb6 Support disabling apache wsgi socket rotation
Bug LP 1863232 introduced a new Apache configuration option called
WSGISocketRotation which allows users to disable wsgi socket
rotation. This patch makes this configurable with a new
wsgi-socket-rotation config option that defaults to the Apache
default and can optionally be set to False.

Closes-Bug: #2021550
Change-Id: Ia5852c3ebe84bd0355670f262cbe5e1cd433a08d
2023-09-04 18:33:51 +08:00
Alex Kavanagh b65d861ae3 Ensure get_requests_for_local_unit doesn't fail on incomplete relation
This is a rebuild/make sync for charms to pickup the fix in charmhelpers to fix
any inadvertant accesses of ['ca'] in the relation data before it is available
from vault in the certificates relation.  Fix in charmhelpers is in [1].

[1] https://github.com/juju/charm-helpers/pull/824
Closes-Bug: #2028683

Change-Id: I3117e17bc89254031ac244842d868ed1ed5af9ba
2023-08-14 11:03:41 +01:00
Corey Bryant 16b009d743 Add 2023.2 Bobcat support
* sync charm-helpers to classic charms
* change openstack-origin/source default to bobcat
* add mantic to metadata series
* align testing with bobcat
* add new bobcat bundles
* add bobcat bundles to tests.yaml
* add bobcat tests to osci.yaml
* update build-on and run-on bases
* drop kinetic
* update charmcraft_channel to 2.x/stable

Change-Id: I6893deebdd105fb794dc06907b9366354d3e4ce0
2023-08-02 14:18:10 -04:00
Zuul b193e39009 Merge "Add package-upgrade action" 2023-06-29 21:53:02 +00:00
Zuul 6b06af2472 Merge "Add docs key and point at Discourse" 2023-06-28 15:40:31 +00:00
Peter Matulis e9368e4b79 Add docs key and point at Discourse
Add the 'docs' key and point it at a Discourse topic
previously populated with the charm's README contents.

When the new charm revision is released to the Charmhub,
this Discourse-based content will be displayed there. In
the absense of the this new key, the Charmhub's default
behaviour is to display the value of the charm's
'description' key.

Change-Id: I6a9834d838803b6eea967e7c15be9fe7fe0ca052
2023-06-28 00:07:25 -04:00
Edward Hope-Morley 0cb787bb9d Make role-cache-expiration configurable
We use a default expiration_time (dogpile-expiration-time)
of 600s which means that role assignments will take up to
this amount of time before all caches are updated to
reflect changes. This may not be suitable for some clouds
that make frequent changes to role assignments and lowering
the global value is not recommended so this overrides the
[role] cache_time to a more appropriate value and also
makes it configurable. We leave default value as None so
that the global value is still inherited but this at least
allows it to be customised.

Change-Id: I49e46e010c543f831959581b2122f59068f2c07b
Closes-Bug: #1771114
2023-06-09 16:29:59 +01:00
Corey Bryant ac87b4bce5 Add package-upgrade action
The package-upgrade action performs package upgrades for the current
OpenStack release.

The code path used is similar to the openstack-upgrade action, with the
difference being that package-upgrade will not execute if an openstack
upgrade is available (based on the openstack-origin setting).

This change includes a charm-helpers sync.

Change-Id: Ifd99ea307a6e4d1d034d7c1e494e2cd8abd894e9
2023-06-02 11:23:25 +01:00
Liam Young 23e2642b41 Charmhelper sync for https() pending request fix
Sync charmhelpers to pull in fix to https() so it returns false
if there is a pending certificate request

Change-Id: I6e79570070fb3b6aa85485bbb40a820cb352c68e
Closes-Bug: #2015103
2023-05-04 11:50:00 +00:00
Corey Bryant be8600d97c Enable jammy-antelope voting and drop kinetic-zed tests
* Voting was turned on for jammy-antelope in the
  project-template for charm-functional-jobs in zosci-config
* Voting for jammy-antelope bundles with non-standard names
  is turned on in individual charms
* Kinetic-zed bundles/tests are removed

Change-Id: I18f3112b7fca0e6af35aa4f6231b9ca9a5414a3e
2023-03-29 21:01:49 +00:00
Alex Kavanagh 3ea0c428a2 Restart keystone's apache2 if mysql passwd rotated
When the mysql password is changed via the shared-db relation, the
shared-db hook handler needs to restart keystone's apache2 so that the
password is picked up and used by keystone during the rest of the hook.

Change-Id: I37ed94d5937a9abf46fd12cd6f230ddb5a298b0e
2023-03-27 11:46:52 +01:00
Zuul 9bdc83792b Merge "Add Antelope support" 2023-03-10 18:52:02 +00:00
Corey Bryant 645ee87686 Add Antelope support
* sync charm-helpers to classic charms
* change openstack-origin/source default to antelope
* align testing with antelope
* add new antelope bundles
* add antelope bundles to tests.yaml
* add antelope tests to osci.yaml and .zuul.yaml
* update build-on and run-on bases

Change-Id: Iae257f880194aebfd8ba3002b7cf74a84fcfb9c9
2023-03-07 19:07:12 +00:00
Zuul 0f974bb539 Merge "Add service user password rotation actions" 2023-02-28 18:40:15 +00:00
Alex Kavanagh 2271a961b7 Add service user password rotation actions
This patch adds two actions:

 1. An action to list the service usernames that can be rotated.
 2. An action to rotate a service username that is on the list of
    usernames that can be rotated.

Change-Id: I3a8a6af7ec8b0ea32da04eff34fafd32f43cee0e
func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/1005
2023-02-24 18:57:02 +00:00
Gabriel Cocenza 04480c4ff4 Add support for HAProxy L7 checks
This change add several configuration options to enable HTTP checks
to the HAProxy configuration, instead of the default TCP connection
checks (which continue to be the default)

Closes-Bug: #1880610
Change-Id: I50a9442ae66da71793a5e9904d23c26d1fbbdf42
2023-02-17 20:45:04 +00:00
Arif Ali b5c4eb2eae
Add auth_ttl into keystone.conf
There is a requirement for some end users where we need to specify
auth_ttl to a higher level. This should help with these users

Change-Id: Ifd515d7c103a6b24c4f5da500442406f04fb372f
2023-01-19 08:09:53 +00:00
Liam Young 5773a13ccb Fix charm for tox4 compatibility
Related-Bug: 2002788
Change-Id: I3784e6f54251aa0df58bc3ace0ea5a128ef63166
2023-01-13 14:00:36 +00:00
Bas de Bruijne 6e5189646f Use juju-exec in chron jobs for juju3 support
Change-Id: Id2a92a134c2e663b3dca10dbc36dd7c7afc9c86b
2022-12-08 15:56:43 -04:00
Jorge Merlino 55bd702224 Add admin-role parameter value to identity relation
This parameter is added to the relation in order to configure service
tokens on related services. The role of the service user is required for
service token validation.

Closes-Bug: #1992840
Change-Id: Id7e84d38a9f774179808137548307c9174a87f87
2022-10-13 16:26:08 -03:00
Alex Kavanagh 2c33c74c8f Ensure openstack-release package is correct after install hook
The linked bug shows the install of the charm with openstack-origin set
to zed.  This happens because configure_installation_source() causes the
openstack-release package to be installed *before* the zed cloud archive
sources are configured into /etc/apt and an apt update done. This means
that the openstack-release package says "yoga" despite the zed packages
actually being installed.

Then, on the config-changed hook, it sees that the installed version is
showing as yoga and tries to do an upgrade.  This fails, as the charm
hasn't yet bootstrapped, and the charm tries to bootstrap after
upgrading the packages.

There's a few bugs here which are exposed, but the tactical fix is to
force the openstack-release to match the installed packages.

Change-Id: I3f47daf6bda6b62ffe4152ede2709f802f0ab606
Closes-Bug: #1989538
2022-09-14 16:27:57 +01:00
Alex Kavanagh d9074b28c1 Ensure that kinetic/22.10 is enabled
This patch adds kinetic to the metadata.yaml and ensures
that a run-on base for 22.10 is added in the
charmcraft.yaml

Change-Id: If25f1ddf91af0c1ddedc8e8c470ce70e61838424
2022-08-31 20:07:08 +01:00
Zuul dafc5c7292 Merge "Add Kinetic and Zed support" 2022-08-30 03:52:39 +00:00
Corey Bryant 29d03fc673 Add Kinetic and Zed support
* sync charm-helpers to classic charms
* change openstack-origin/source default to zed
* align testing with zed
* add new zed bundles
* add zed bundles to tests.yaml
* add zed tests to osci.yaml and .zuul.yaml
* update build-on and run-on bases
* add bindep.txt for py310
* sync tox.ini and requirements.txt for ruamel
* use charmcraft_channel 2.0/stable
* drop reactive plugin overrides
* move interface/layer env vars to charmcraft.yaml

Change-Id: Idf4a6cd1e0888576f890b00aa5b343936900d6dd
2022-08-26 18:40:36 +00:00
Felipe Reyes cdce143628 Include openidc-*.conf in Apache.
This change adds a new configuration in line Apache's frontend
configuration to include (if present) the files generated by the
keystone-openidc charm to configure Open ID Connect configuration

Change-Id: I8c96b1f1ffad84d57276fd60461c1aee60b32d3b
2022-07-26 18:07:42 -04:00
sudeephb 965d292bd4 Validate vip address
Validates if the provided vip address(es) are in the subnet that the unit is in. If not, shows the message with invalid vips along with 'blocked' status.

Closes-Bug: #1958178
Change-Id: I6bb3e21f3934d6d2483564fba9216504a62d15dc
2022-07-13 21:27:03 +05:45
Zuul 9b2f7e545d Merge "Refactor admin password related actions code for better maintenance" 2022-05-16 10:24:44 +00:00
Hemanth Nakkina f5d9b9ed40 New option default_authorization_ttl
Add new option default_authorization_ttl used for
federation to set validity of group memberships
coming from a mapping.

Closes-Bug: #1970388
Change-Id: I4a8dbc501e14d1201ceed27077554924c56e3abd
2022-05-16 12:05:15 +05:30
Alex Kavanagh a76a3d9599 charm-helpers sync for yoga release
Change-Id: Ib21e44b375ff7bb307908ba9f1c6bd51075e843e
2022-04-07 12:18:30 +01:00
Zuul 097556b753 Merge "Updates to enable jammy and finalise charmcraft builds" 2022-04-05 17:43:34 +00:00
Alex Kavanagh 7508c6104e Updates to enable jammy and finalise charmcraft builds
- Add 22.04 to charmcraft.yaml
- Update metadata to include jammy
- Remove impish from metadata
- Update osci.yaml to include py3.10 default job
- Modify tox.ini to remove py35,py36,py37 tox target and add py310
  target.
- ensure that the openstack-origin is yoga

Change-Id: I82a3ae55422e0871bddf37debf1089c9a9a3e843
2022-04-05 15:11:41 +01:00
Edward Hope-Morley 9e8c0c9928 Ensure service name is not None before lookup
We need to ensure value for 'service' provided on
identity relation before doing valid_services lookup.

Change-Id: I42fb9dbb48b3bcf8fd40700db84ec8210b8433a4
Related-Bug: #1965967
2022-04-04 14:39:26 +01:00
Edward Hope-Morley 08960ba9b7 Set service_type on identity relation
Also applies osci.yaml fix for Jammy.

Change-Id: I4cf5d8c0855bb9a3cd6068335fe8100366c0a66d
Related-Bug: #1965967
2022-03-29 14:21:51 +01:00
Tianqi c3587026cc Refactor admin password related actions code for better maintenance
Moved rotate-admin-password action to admin-password.py and made
changes to the unit test accordingly. Putting admin password
related actions together will reduce confusion and improve
maintainability

Change-Id: I27f8d3a279833dde5f6021e9d78a5ab2f05445b2
2022-03-28 18:21:31 -04:00
Pedro Castillo ae178d7471 Add rotate-admin-password action
This action allows the user to easily rotate the admin user's
password by replacing it with a randomly generated one.

Change-Id: I6ce69be15b11b00f804d3143d835ec3ce6515865
Related-Bug: #1927280
Func-Test-PR: https://github.com/openstack-charmers/zaza-openstack-tests/pull/720
2022-03-21 19:55:34 +00:00
Tianqi 4949830cea Add get-admin-password action with unit test
Implemented a new action to provide users the possibility of
retrieving Keystone service's admin password via juju action.
The result of this action is equivalent to running
“juju run --unit {keystone unit} leader-get admin_passwd”.

Closes-Bug: #1858657
Change-Id: I231c4b73016f7e7b4ba7f06219dd8e212402a339
2022-03-04 21:51:03 +00:00
Liam Young 6f4894ea13 Related charm specify roles to be granted to admin
A charm joined to keystone via the identity-service relation can
now specify additional roles that can be granted to admin. This
is done by setting the relation data key `add_role_to_admin` the
value is a comma seperated list of roles that should be granted
to admin.

Change-Id: I7ecac3d64eece1845dc963886e09cc2be149ae03
2022-02-25 13:19:40 +00:00
Alex Kavanagh ebc532bde3 Update to classic charms to build using charmcraft in CI
This update is to ensure that the Zuul Canonical CI builds the charm
before functional tests and ensure that that artifact is used for the
functional tests.  This is to try to ensure that the charm that gets
landed to the charmhub is the same charm that was tested with.

Change-Id: Ia2f3bcba500de242a93d9f0bf073a9c5c3aad89a
2022-02-17 18:22:09 -07:00
Alex Kavanagh 4d30bdd203 Migrate charm to charmhub latest/edge track
Change-Id: I6c63e64dd7a1150cc4a1a1dae680157e2c47b6a3
2022-01-27 20:30:46 +00:00
Zuul 074bb1f26c Merge "Use unittest.mock instead of mock" 2021-12-16 10:22:05 +00:00
Zuul 24a263a14d Merge "Add CMR gate test for vault <-> keystone" 2021-12-15 22:15:43 +00:00
Zuul b56dd72545 Merge "Fix keystone charm path setting in test bundles" 2021-12-14 16:13:04 +00:00
Hervé Beraud 9a5bf82fae Use unittest.mock instead of mock
The mock third party library was needed for mock support in py2
runtimes. Since we now only support py36 and later, we can use the
standard lib unittest.mock module instead.

Note that https://github.com/openstack/charms.openstack is used during tests
and he need `mock`, unfortunatelly it doesn't declare `mock` in its
requirements so it retrieve mock from other charm project (cross dependency).
So we depend on charms.openstack first and when
Ib1ed5b598a52375e29e247db9ab4786df5b6d142 will be merged then CI
will pass without errors.

Drop Python 3.5 testing.

Rework some unit tests that use unittest.mock features not introduced
until Python 3.7.

Depends-On: Ib1ed5b598a52375e29e247db9ab4786df5b6d142
Change-Id: I029c77ed697620725dc040d1849a691eb10c9351
2021-12-14 13:33:00 +00:00
Liam Young cca2cb4b96 Add CMR gate test for vault <-> keystone
Add a gate test to check the keystone relating to vault via a
CMR.

Change-Id: Ife14892c69cf3ab2edcd7ade1346bb227ebe4250
2021-12-14 11:09:31 +00:00
Zuul 6bf595e5da Merge "Makefile: switch to python3" 2021-12-14 10:38:26 +00:00