Add hostname as a new config option
Without this option, the charm announces its API URL using the VIP address. This is a problem when the certificates carry FQDNs rather than IP addresses in their SAN section. Change-Id: Id40f7f3d70c1e9b055bd0ed65c1c9a90c95f84c1 Closes-Bug: 1826225
parent
1849ec9dce
commit
8b99dc2829
|
@ -74,3 +74,10 @@ options:
|
||||||
this will use all default values for the root CA cert. If you want
|
this will use all default values for the root CA cert. If you want
|
||||||
to adjust those values, you should use the generate-root-ca action
|
to adjust those values, you should use the generate-root-ca action
|
||||||
instead.
|
instead.
|
||||||
|
hostname:
|
||||||
|
type: string
|
||||||
|
default:
|
||||||
|
description: >-
|
||||||
|
Hostname to be used for the API URL. This hostname should exist as a DNS
|
||||||
|
record and be resolvable by the charms that will consume the relation
|
||||||
|
with vault.
|
||||||
|
|
|
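Review bot: The `hostname` description asks only for a resolvable DNS record, but consumers of the relation will validate vault's TLS certificate against whatever name is published, so the text should also say the name has to be covered by the certificate's SAN. The commit message gives exactly that as the motivation, yet an operator reading only the option description will not see it. Suggested extra sentence for the description: `The name must also be present in the SAN of the certificate served by vault, otherwise clients will fail TLS verification.`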
@ -492,7 +492,10 @@ def configure_secrets_backend():
|
||||||
def send_vault_url_and_ca():
|
def send_vault_url_and_ca():
|
||||||
secrets = endpoint_from_flag('secrets.connected')
|
secrets = endpoint_from_flag('secrets.connected')
|
||||||
if is_flag_set('ha.available'):
|
if is_flag_set('ha.available'):
|
||||||
vault_url = vault.get_api_url(address=config('vip'))
|
if config('hostname'):
|
||||||
|
vault_url = vault.get_api_url(address=config('hostname'))
|
||||||
|
else:
|
||||||
|
vault_url = vault.get_api_url(address=config('vip'))
|
||||||
else:
|
else:
|
||||||
vault_url = vault.get_api_url()
|
vault_url = vault.get_api_url()
|
||||||
secrets.publish_url(vault_url=vault_url)
|
secrets.publish_url(vault_url=vault_url)
|
||||||
|
|
|
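Review bot: `config('hostname')` is consulted only inside the `ha.available` branch, so a unit without HA that sets `hostname` still publishes `vault.get_api_url()` with no override, and nothing in the option description says the setting is HA-only. If the option is meant to apply wherever the certificate carries an FQDN, check it first and fall back to the VIP, as sketched below; if HA-only is intended, say so in the description instead. Either way the tests added in this commit cover only the HA case, so a case with `self.is_flag_set.return_value = False` and `'hostname'` set would pin the chosen behaviour. The body of `send_vault_url_and_ca` continues past the end of this hunk.

```python
def send_vault_url_and_ca():
    secrets = endpoint_from_flag('secrets.connected')
    hostname = config('hostname')
    if hostname:
        vault_url = vault.get_api_url(address=hostname)
    elif is_flag_set('ha.available'):
        vault_url = vault.get_api_url(address=config('vip'))
    else:
        vault_url = vault.get_api_url()
    # … unchanged: secrets.publish_url(vault_url=vault_url) and the rest of the handler …
```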
@ -604,7 +604,7 @@ class TestHandlers(unit_tests.test_utils.CharmTestCase):
|
||||||
])
|
])
|
||||||
|
|
||||||
@mock.patch.object(handlers, 'vault')
|
@mock.patch.object(handlers, 'vault')
|
||||||
def send_vault_url_and_ca(self, _vault):
|
def test_send_vault_url_and_ca(self, _vault):
|
||||||
_test_config = {
|
_test_config = {
|
||||||
'vip': '10.5.100.1',
|
'vip': '10.5.100.1',
|
||||||
'ssl-ca': 'test-ca',
|
'ssl-ca': 'test-ca',
|
||||||
|
@ -626,7 +626,7 @@ class TestHandlers(unit_tests.test_utils.CharmTestCase):
|
||||||
)
|
)
|
||||||
|
|
||||||
@mock.patch.object(handlers, 'vault')
|
@mock.patch.object(handlers, 'vault')
|
||||||
def send_vault_url_and_ca_ha(self, _vault):
|
def test_send_vault_url_and_ca_ha(self, _vault):
|
||||||
_test_config = {
|
_test_config = {
|
||||||
'vip': '10.5.100.1',
|
'vip': '10.5.100.1',
|
||||||
'ssl-ca': 'test-ca',
|
'ssl-ca': 'test-ca',
|
||||||
|
@ -647,6 +647,29 @@ class TestHandlers(unit_tests.test_utils.CharmTestCase):
|
||||||
vault_ca='test-ca'
|
vault_ca='test-ca'
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@mock.patch.object(handlers, 'vault')
|
||||||
|
def test_send_vault_url_and_ca_hostname(self, _vault):
|
||||||
|
_test_config = {
|
||||||
|
'vip': '10.5.100.1',
|
||||||
|
'ssl-ca': 'test-ca',
|
||||||
|
'hostname': 'vault',
|
||||||
|
}
|
||||||
|
self.config.side_effect = lambda key: _test_config.get(key)
|
||||||
|
mock_secrets = mock.MagicMock()
|
||||||
|
self.endpoint_from_flag.return_value = mock_secrets
|
||||||
|
self.is_flag_set.return_value = True
|
||||||
|
_vault.get_api_url.return_value = 'https://vault:8200'
|
||||||
|
handlers.send_vault_url_and_ca()
|
||||||
|
self.endpoint_from_flag.assert_called_with('secrets.connected')
|
||||||
|
self.is_flag_set.assert_called_with('ha.available')
|
||||||
|
_vault.get_api_url.assert_called_once_with(address='vault')
|
||||||
|
mock_secrets.publish_url.assert_called_once_with(
|
||||||
|
vault_url='https://vault:8200'
|
||||||
|
)
|
||||||
|
mock_secrets.publish_ca.assert_called_once_with(
|
||||||
|
vault_ca='test-ca'
|
||||||
|
)
|
||||||
|
|
||||||
@mock.patch.object(handlers, 'vault_pki')
|
@mock.patch.object(handlers, 'vault_pki')
|
||||||
def test_publish_ca_info(self, vault_pki):
|
def test_publish_ca_info(self, vault_pki):
|
||||||
tls = self.endpoint_from_flag.return_value
|
tls = self.endpoint_from_flag.return_value
|
||||||
|
|