Add support for MySQL

Add support for MySQL secret store.

Depends-On: Iebb2415077b682dfdf590b4b5f35a3c593ed3d69
Change-Id: I05a04bdc237b2a698b2f2d29e18c5a33510a2513
Liam Young 2018-04-12 15:50:59 +00:00
parent d4e1b83d44
commit 212fd855c6
9 changed files with 93 additions and 22 deletions


@ -3,6 +3,7 @@ includes:
- layer:snap
- interface:nrpe-external-master
- interface:pgsql
- interface:mysql-shared
options:
basic:
packages:


@ -19,6 +19,8 @@ tags:
requires:
db:
interface: pgsql
shared-db:
interface: mysql-shared
provides:
nrpe-external-master:
interface: nrpe-external-master


@ -55,17 +55,9 @@ def ssl_available(config):
return True
@when('snap.installed.vault')
@when_not('configured')
@when('db.master.available')
@when('vault.schema.created')
@when('vault.ssl.configured')
def configure_vault(psql):
context = {
'db_conn': psql.master,
'disable_mlock': config()['disable-mlock'],
'ssl_available': is_state('vault.ssl.available'),
}
def configure_vault(context):
context['disable_mlock'] = config()['disable-mlock']
context['ssl_available'] = is_state('vault.ssl.available')
status_set('maintenance', 'creating vault config')
render(
'vault.hcl.j2',
@ -91,6 +83,31 @@ def configure_vault(psql):
status_set('active', '=^_^=')
@when('snap.installed.vault')
@when_not('configured')
@when('db.master.available')
@when('vault.schema.created')
@when('vault.ssl.configured')
def configure_vault_psql(psql):
context = {
'storage_name': 'psql',
'psql_db_conn': psql.master,
}
configure_vault(context)
@when('snap.installed.vault')
@when_not('configured')
@when('shared-db.available')
@when('vault.ssl.configured')
def configure_vault_mysql(mysql):
context = {
'storage_name': 'mysql',
'mysql_db_relation': mysql,
}
configure_vault(context)
@when('config.changed.disable-mlock')
def disable_mlock_changed():
remove_state('configured')
@ -108,6 +125,17 @@ def request_db(pgsql):
pgsql.set_database('vault')
@when('shared-db.connected')
def mysql_setup(database):
"""Handle the default database connection setup
"""
db = {
'database': 'vault',
'username': 'vault',
}
database.configure(**db)
@when('db.master.available')
@when_not('vault.schema.created')
def create_vault_table(pgsql):
@ -144,10 +172,10 @@ def configure_ssl():
ssl_cert = ssl_cert + base64.decodestring(c['ssl-chain'].encode())
write_file('/var/snap/vault/common/vault.crt', ssl_cert, perms=0o600)
set_state('vault.ssl.available')
status_set('active', 'SSL key and cert installed')
else:
remove_state('vault.ssl.available')
set_state('vault.ssl.configured')
status_set('active', 'SSL key and cert installed')
remove_state('configured')
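Review bot: Nothing in `configure_vault_psql` or `configure_vault_mysql` excludes the other backend, since both are gated only on `@when_not('configured')` plus their own relation flags. If a deployment relates both `db` and `shared-db`, the storage backend written to vault.hcl appears to depend on which handler the framework dispatches first; the place where `configured` is set is in the part of `configure_vault` outside these hunks, so this is inferred. For a secret store the backend choice should be explicit: consider a guard handler such as `@when('db.master.available', 'shared-db.available')` that sets a blocked status and returns without rendering. A short docstring on `configure_vault` noting that it mutates the `context` dict passed in would also help callers.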


@ -1,9 +1,16 @@
{%- if disable_mlock %}
disable_mlock = true
{%- endif %}
{%- if db_conn %}
{%- if storage_name == 'psql' %}
storage "postgresql" {
connection_url = "{{ db_conn.uri }}"
connection_url = "{{ psql_db_conn.uri }}"
}
{% elif storage_name == 'mysql' %}
storage "mysql" {
username = "{{ mysql_db_relation.username() }}"
password = "{{ mysql_db_relation.password() }}"
database = "{{ mysql_db_relation.database() }}"
address = "{{ mysql_db_relation.db_host() }}:3306"
}
{%- endif %}
listener "tcp" {
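Review bot: The new `storage "mysql"` stanza interpolates the relation's username, password and database into quoted strings with no escaping, so a value containing `"` or `\` would produce an invalid or differently parsed vault.hcl. Because the rendered file now carries the MySQL password in plaintext, it should be readable only by the vault service user; the `render(...)` call that sets owner and perms is in the handler, outside this section, so that needs confirming there. The address also hard-codes `:3306` and the stanza sets no `tls_ca_file`, which means a non-default port cannot be used and the connection to MySQL is not configured for TLS. The `{% elif` tag lacks the `-` whitespace control used by the neighbouring `{%- if` and `{%- endif`.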


@ -0,0 +1,12 @@
series: xenial
services:
vault:
num_units: 1
series: xenial
charm: ../../../vault
mysql:
charm: cs:mysql
num_units: 1
relations:
- - vault:shared-db
- mysql:shared-db


@ -4,6 +4,9 @@ tests:
configure:
- zaza.charm_tests.vault.setup.basic_setup
gate_bundles:
- xenial
- xenial-postgres
- xenial-mysql
smoke_bundles:
- xenial-mysql
dev_bundles:
- bionic


@ -29,7 +29,7 @@ commands =
[testenv:func-smoke]
basepython = python3
commands =
functest-run-suite --keep-model
functest-run-suite --keep-model --smoke
[testenv:venv]
commands = {posargs}


@ -41,12 +41,13 @@ class TestHandlers(unittest.TestCase):
service_start, open_port, config, is_state):
config.return_value = {'disable-mlock': False}
is_state.return_value = True
psql = mock.MagicMock()
psql = mock.MagicMock()
psql.master = 'myuri'
handlers.configure_vault(psql)
db_context = {
'storage_name': 'psql',
'psql_db_conn': 'myuri'}
handlers.configure_vault(db_context)
expected_context = {
'db_conn': 'myuri',
'storage_name': 'psql',
'psql_db_conn': 'myuri',
'disable_mlock': False,
'ssl_available': True,
}
@ -76,7 +77,7 @@ class TestHandlers(unittest.TestCase):
# Check flipping disable-mlock makes it to the context
config.return_value = {'disable-mlock': True}
expected_context['disable_mlock'] = True
handlers.configure_vault(psql)
handlers.configure_vault(db_context)
render_calls = [
mock.call(
'vault.hcl.j2',
@ -91,6 +92,23 @@ class TestHandlers(unittest.TestCase):
]
render.assert_has_calls(render_calls)
@patch.object(handlers, 'configure_vault')
def test_configure_vault_psql(self, configure_vault):
psql = mock.MagicMock()
psql.master = 'myuri'
handlers.configure_vault_psql(psql)
configure_vault.assert_called_once_with({
'storage_name': 'psql',
'psql_db_conn': 'myuri'})
@patch.object(handlers, 'configure_vault')
def test_configure_vault_msql(self, configure_vault):
mysql = mock.MagicMock()
handlers.configure_vault_mysql(mysql)
configure_vault.assert_called_once_with({
'storage_name': 'mysql',
'mysql_db_relation': mysql})
@patch.object(handlers, 'remove_state')
def test_disable_mlock_changed(self, remove_state):
handlers.disable_mlock_changed()
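Review bot: `test_configure_vault_msql` is misspelled and should be `test_configure_vault_mysql` so it matches the handler it covers and is found when searching for the handler name. The new `mysql_setup` handler has no test in this section; a case asserting `database.configure.assert_called_once_with(database='vault', username='vault')` would pin the database and account name the charm requests. The existing `configure_vault` test only renders the `psql` context, so the mysql branch of the template context is not exercised here either.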