Ensure we clear the ca.ready flag when we generate a CA
Previously, configuring any kind of CA, and then generating a new CA with CSR will cause the charm to have hook errors, as well as an error in the action to generate a CSR as a result of expecting a fully setup CA elsewhere in the charm. This change adds removal of that ca.ready flag from the charm when a CSR (and accompanying CA) are generated. Change-Id: I802f31c853df4a69f6a4c1529e2acb1543e21831 Closes-Bug: #1866150
This commit is contained in:
parent
ed8ddb8caa
commit
9f68653578
|
@ -67,6 +67,12 @@ def get_intermediate_csrs(*args):
|
|||
province=action_config.get('province'),
|
||||
organization=action_config.get('organization'),
|
||||
organizational_unit=action_config.get('organizational-unit'))
|
||||
# We have to clear both the reactive flag, as well as the leadership
|
||||
# managed root-ca option, otherwise, we will end up with the flag being
|
||||
# reset in the reactive handler after this is run.
|
||||
clear_flag('charm.vault.ca.ready')
|
||||
hookenv.leader_set(
|
||||
{'root-ca': None})
|
||||
hookenv.action_set({'output': csrs})
|
||||
|
||||
|
||||
|
|
|
@ -31,6 +31,10 @@ target_deploy_status:
|
|||
workload-status-message: "Monitor bootstrapped but waiting for number of OSDs to reach expected-osd-count (3)"
|
||||
tests:
|
||||
- zaza.openstack.charm_tests.vault.tests.VaultTest
|
||||
# This second run of the tests is to ensure that Vault can handle updating the
|
||||
# root CA in Vault with a refreshed CSR and won't end up in a hook-error
|
||||
# state. (LP: #1866150).
|
||||
- zaza.openstack.charm_tests.vault.tests.VaultTest
|
||||
tests_options:
|
||||
force_deploy:
|
||||
- groovy-mysql8
|
||||
|
|
Loading…
Reference in New Issue