Ensure that certificates are correctly managed.
When the certificates relation is ready before the
HA relation is clustered, the VIP symlinks will not
be created pointing at the correct certificates. This
change updates the HA handlers to ensure that the
certificate relation is handled after clustering,
if there are any certificate relations.
Change-Id: Idfbdaf7919569983cdf159e44a6dad26eccfd195
Closes-Bug: #1886077
(cherry picked from commit 71b7eedfc5
)
This commit is contained in:
parent
d4be285500
commit
91ec3a3d6d
|
@ -607,6 +607,10 @@ def ha_changed():
|
|||
if clustered:
|
||||
log('Cluster configured, notifying other services and updating '
|
||||
'keystone endpoint configuration')
|
||||
for rid in relation_ids('certificates'):
|
||||
if related_units(rid):
|
||||
for unit in related_units(rid):
|
||||
certs_changed(rid, unit)
|
||||
if (is_db_initialised() and is_elected_leader(CLUSTER_RES) and not
|
||||
is_unit_paused_set()):
|
||||
ensure_initial_admin(config)
|
||||
|
|
|
@ -529,6 +529,7 @@ class KeystoneRelationTests(CharmTestCase):
|
|||
hooks.ha_changed()
|
||||
self.assertTrue(configs.write_all.called)
|
||||
|
||||
@patch.object(hooks, 'relation_ids')
|
||||
@patch.object(hooks, 'update_all_fid_backends')
|
||||
@patch.object(hooks, 'update_all_domain_backends')
|
||||
@patch.object(hooks, 'update_all_identity_relation_units')
|
||||
|
@ -542,19 +543,56 @@ class KeystoneRelationTests(CharmTestCase):
|
|||
mock_is_db_initialised,
|
||||
update_ids,
|
||||
update_domains,
|
||||
update_fids):
|
||||
update_fids,
|
||||
relation_ids):
|
||||
mock_is_db_initialised.return_value = True
|
||||
self.is_db_ready.return_value = True
|
||||
self.relation_get.return_value = True
|
||||
self.relation_ids.return_value = ['identity-service:0']
|
||||
self.related_units.return_value = ['unit/0']
|
||||
|
||||
relation_ids.return_value = []
|
||||
hooks.ha_changed()
|
||||
self.assertTrue(configs.write_all.called)
|
||||
update_ids.assert_called_once_with()
|
||||
update_domains.assert_called_once_with()
|
||||
update_fids.assert_called_once_with()
|
||||
|
||||
@patch.object(hooks, 'certs_changed')
|
||||
@patch.object(hooks, 'related_units')
|
||||
@patch.object(hooks, 'relation_ids')
|
||||
@patch.object(hooks, 'update_all_fid_backends')
|
||||
@patch.object(hooks, 'update_all_domain_backends')
|
||||
@patch.object(hooks, 'update_all_identity_relation_units')
|
||||
@patch.object(hooks, 'is_db_initialised')
|
||||
@patch('keystone_utils.log')
|
||||
@patch.object(hooks, 'identity_changed')
|
||||
@patch.object(hooks, 'CONFIGS')
|
||||
def test_ha_relation_changed_clustered_leader_with_certs(
|
||||
self,
|
||||
configs,
|
||||
identity_changed,
|
||||
mock_log,
|
||||
mock_is_db_initialised,
|
||||
update_ids,
|
||||
update_domains,
|
||||
update_fids,
|
||||
relation_ids,
|
||||
related_units,
|
||||
certs_changed):
|
||||
mock_is_db_initialised.return_value = True
|
||||
self.is_db_ready.return_value = True
|
||||
self.relation_get.return_value = True
|
||||
self.relation_ids.return_value = ['identity-service:0']
|
||||
self.related_units.return_value = ['unit/0']
|
||||
relation_ids.return_value = ['1']
|
||||
related_units.return_value = ['2']
|
||||
hooks.ha_changed()
|
||||
self.assertTrue(configs.write_all.called)
|
||||
update_ids.assert_called_once_with()
|
||||
update_domains.assert_called_once_with()
|
||||
update_fids.assert_called_once_with()
|
||||
certs_changed.assert_called_once_with('1', '2')
|
||||
|
||||
@patch('keystone_utils.log')
|
||||
@patch.object(hooks, 'CONFIGS')
|
||||
def test_configure_https_enable(self, configs, mock_log):
|
||||
|
|
Loading…
Reference in New Issue