Add hostname as a new config option

Without this option, the charm announces its API URL with the VIP address. It is problematic when using FQDN in the SAN section of the certificates and not IP addresses. Change-Id: Id40f7f3d70c1e9b055bd0ed65c1c9a90c95f84c1 Closes-Bug: 1826225
2019-04-24 20:00:01 +02:00 · 2019-04-24 20:00:01 +02:00 · 8b99dc2829
parent 1849ec9dce
commit 8b99dc2829
3 changed files with 36 additions and 3 deletions
--- a/src/config.yaml
+++ b/src/config.yaml
@ -74,3 +74,10 @@ options:
      this will use all default values for the root CA cert.  If you want
      to adjust those values, you should use the generate-root-ca action
      instead.
+  hostname:
+    type: string
+    default:
+    description: >-
+      Hostname to be used for the API URL. This hostname should exist as a DNS
+      record and be resolvable by the charms that will consume the relation 
+      with vault.
--- a/src/reactive/vault_handlers.py
+++ b/src/reactive/vault_handlers.py
@ -492,7 +492,10 @@ def configure_secrets_backend():
 def send_vault_url_and_ca():
    secrets = endpoint_from_flag('secrets.connected')
    if is_flag_set('ha.available'):
-        vault_url = vault.get_api_url(address=config('vip'))
+        if config('hostname'):
+            vault_url = vault.get_api_url(address=config('hostname'))
+        else:
+            vault_url = vault.get_api_url(address=config('vip'))
    else:
        vault_url = vault.get_api_url()
    secrets.publish_url(vault_url=vault_url)
--- a/unit_tests/test_reactive_vault_handlers.py
+++ b/unit_tests/test_reactive_vault_handlers.py
@ -604,7 +604,7 @@ class TestHandlers(unit_tests.test_utils.CharmTestCase):
        ])

    @mock.patch.object(handlers, 'vault')
-    def send_vault_url_and_ca(self, _vault):
+    def test_send_vault_url_and_ca(self, _vault):
        _test_config = {
            'vip': '10.5.100.1',
            'ssl-ca': 'test-ca',
@ -626,7 +626,7 @@ class TestHandlers(unit_tests.test_utils.CharmTestCase):
        )

    @mock.patch.object(handlers, 'vault')
-    def send_vault_url_and_ca_ha(self, _vault):
+    def test_send_vault_url_and_ca_ha(self, _vault):
        _test_config = {
            'vip': '10.5.100.1',
            'ssl-ca': 'test-ca',
@ -647,6 +647,29 @@ class TestHandlers(unit_tests.test_utils.CharmTestCase):
            vault_ca='test-ca'
        )

+    @mock.patch.object(handlers, 'vault')
+    def test_send_vault_url_and_ca_hostname(self, _vault):
+        _test_config = {
+            'vip': '10.5.100.1',
+            'ssl-ca': 'test-ca',
+            'hostname': 'vault',
+        }
+        self.config.side_effect = lambda key: _test_config.get(key)
+        mock_secrets = mock.MagicMock()
+        self.endpoint_from_flag.return_value = mock_secrets
+        self.is_flag_set.return_value = True
+        _vault.get_api_url.return_value = 'https://vault:8200'
+        handlers.send_vault_url_and_ca()
+        self.endpoint_from_flag.assert_called_with('secrets.connected')
+        self.is_flag_set.assert_called_with('ha.available')
+        _vault.get_api_url.assert_called_once_with(address='vault')
+        mock_secrets.publish_url.assert_called_once_with(
+            vault_url='https://vault:8200'
+        )
+        mock_secrets.publish_ca.assert_called_once_with(
+            vault_ca='test-ca'
+        )
+
    @mock.patch.object(handlers, 'vault_pki')
    def test_publish_ca_info(self, vault_pki):
        tls = self.endpoint_from_flag.return_value