Implement key rotation for RadosGW daemons

This patchset implements the needed functionality on the ceph-mon charm to rotate the key of a specified RadosGW daemon. func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/1195 Change-Id: I6dbbf6ca1292a34f5d3b4ff8f2966c8b77f53f48
2024-04-09 12:00:25 -03:00 · 2024-04-09 12:00:25 -03:00 · 446d17f625
parent 0572504230
commit 446d17f625
2 changed files with 33 additions and 2 deletions
--- a/src/charm.py
+++ b/src/charm.py
@ -194,6 +194,11 @@ class CephMonCharm(ops_openstack.core.OSBaseCharm):
        for relation in self.model.relations['admin']:
            hooks.admin_relation_joined(str(relation.id))

+    def on_rotate_key_action(self, event):
+        ops_actions.rotate_key.rotate_key(
+            event, self.framework.model
+        )
+
    def __init__(self, *args):
        super().__init__(*args)
        self._stored.is_started = True
@ -231,7 +236,7 @@ class CephMonCharm(ops_openstack.core.OSBaseCharm):
        self._observe_action(self.on.list_entities_action,
                             ops_actions.list_entities.list_entities)
        self._observe_action(self.on.rotate_key_action,
-                             ops_actions.rotate_key.rotate_key)
+                             self.on_rotate_key_action)

        fw.observe(self.on.install, self.on_install)
        fw.observe(self.on.config_changed, self.on_config)
--- a/src/ops_actions/rotate_key.py
+++ b/src/ops_actions/rotate_key.py
@ -75,7 +75,31 @@ def _restart_daemon(entity, event):
        raise


-def rotate_key(event) -> None:
+def _handle_rgw_key_rotation(entity, event, model):
+    rgw_name = entity[7:]   # Skip 'client.'
+    relations = model.relations.get('radosgw')
+    if not relations:
+        event.fail('No RadosGW relations found')
+        return
+
+    for relation in relations:
+        for unit in relation.units:
+            try:
+                data = relation.data
+                if data[unit]["key_name"] != rgw_name:
+                    continue
+            except KeyError:
+                logger.exception('key name not found in relation data bag')
+                continue
+
+            data[model.unit][rgw_name + "_key"] = _create_key(entity, event)
+            event.set_results({"message": "success"})
+            return
+
+    event.fail("Entity %s not found" % entity)
+
+
+def rotate_key(event, model=None) -> None:
    """Rotate the key of the specified entity."""
    entity = event.params.get("entity")
    if entity.startswith("mgr"):
@ -99,5 +123,7 @@ def rotate_key(event) -> None:
        _replace_keyring_file(path, entity, key, event)
        _restart_daemon("ceph-mgr@%s.service" % entity[4:], event)
        event.set_results({"message": "success"})
+    elif entity.startswith('client.rgw.'):
+        _handle_rgw_key_rotation(entity, event, model)
    else:
        event.fail("Unknown entity: %s" % entity)