Merge pull request juju#15855 from ycliuhw/fix-secret-ci
juju#15855

A couple of secret CI fixes.
Drive-by: we should ignore the Vault-unreachable network error during model teardown.
jujubot committed Jul 4, 2023
2 parents 065ece1 + c8ab443 commit 99a7b7c
Showing 3 changed files with 18 additions and 7 deletions.
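--- a/secrets/provider/vault/provider.go
+++ b/secrets/provider/vault/provider.go
@@ -84,7 +84,15 @@ func (p vaultProvider) Initialise(cfg *provider.ModelBackendConfig) error {
 }
 
 // CleanupModel deletes all secrets and policies associated with the model.
-func (p vaultProvider) CleanupModel(cfg *provider.ModelBackendConfig) error {
+func (p vaultProvider) CleanupModel(cfg *provider.ModelBackendConfig) (err error) {
+defer func() {
+if err != nil && strings.HasSuffix(err.Error(), "no route to host") {
+// There is nothing we can do now, so just log the error and continue.
+err = nil
+logger.Warningf("failed to cleanup secrets for model %q: %v", cfg.ModelUUID, err)
+}
+}()
+
 modelPath := modelPathPrefix(cfg.ModelName, cfg.ModelUUID)
 k, err := p.newBackend(modelPath, &cfg.BackendConfig)
 if err != nil {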
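Review bot: In the deferred function, `err = nil` runs before `logger.Warningf(...)`, so the warning always formats `<nil>` and the real failure is never recorded; log first, then clear `err`. Matching on `strings.HasSuffix(err.Error(), "no route to host")` depends on the exact message text; `errors.Is(err, syscall.EHOSTUNREACH)` would be sturdier, provided the Vault client keeps the underlying error wrapped, which is not visible here. Because this path reports success while the model's secrets and policies may still exist in Vault, the warning should say that they were left behind so an operator can remove them once the backend is reachable again. The body of CleanupModel continues outside the hunk.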
7 changes: 5 additions & 2 deletions tests/suites/secrets_iaas/vault.sh
Expand Up @@ -39,7 +39,7 @@ run_secret_drain() {
model_uuid=$(juju show-model $model_name --format json | jq -r ".[\"${model_name}\"][\"model-uuid\"]")

attempt=0
until check_contains "$(vault kv list -format json "${model_name}-${model_uuid: -6}" | jq length)" 2 >/dev/null 2>&1; do
until [[ $(vault kv list -format json "${model_name}-${model_uuid: -6}" | jq length) -eq 2 ]]; do
if [[ ${attempt} -ge 30 ]]; then
echo "Failed: expected all secrets get drained to vault."
exit 1
Expand All @@ -51,7 +51,7 @@ run_secret_drain() {
juju model-config secret-backend=auto

attempt=0
until check_contains "$(vault kv list -format json "${model_name}-${model_uuid: -6}" | jq length)" 0 >/dev/null 2>&1; do
until [[ $(vault kv list -format json "${model_name}-${model_uuid: -6}" | jq length) -eq 0 ]]; do
if [[ ${attempt} -ge 30 ]]; then
echo "Failed: expected all secrets get drained back to juju controller."
exit 1
Expand All @@ -62,6 +62,9 @@ run_secret_drain() {

juju show-secret --reveal "$secret_owned_by_unit"
juju show-secret --reveal "$secret_owned_by_app"

destroy_model "$model_name"
destroy_model "model-vault-provider"
}

prepare_vault() {
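Review bot: The `[[ $(vault kv list … | jq length) -eq 0 ]]` condition in the second wait loop treats an empty substitution as 0, so if `vault kv list` or `jq` fails and prints nothing, the loop exits as though every secret had been drained back to the controller. Capture the count and require it to be numeric before comparing: `count=$(vault kv list -format json "${model_name}-${model_uuid: -6}" | jq length)` followed by `until [[ "$count" =~ ^[0-9]+$ && "$count" -eq 0 ]]`, recomputing `count` on each retry. The `-eq 0` loop on the Kubernetes secret count in tests/suites/secrets_k8s/k8s.sh has the same gap. A false pass here would hide secrets that were never moved out of the backend.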
8 changes: 4 additions & 4 deletions tests/suites/secrets_k8s/k8s.sh
Expand Up @@ -116,7 +116,7 @@ run_secret_drain() {
juju model-config secret-backend="$vault_backend_name"

attempt=0
until check_contains "$(microk8s kubectl -n "$model_name" get secrets -l 'app.juju.is/created-by=hello' -o json | jq '.items | length')" 0 >/dev/null 2>&1; do
until [[ $(microk8s kubectl -n "$model_name" get secrets -l 'app.juju.is/created-by=hello' -o json | jq '.items | length') -eq 0 ]]; do
if [[ ${attempt} -ge 30 ]]; then
echo "Failed: expected all secrets get drained to vault, so k8s has no secrets."
exit 1
Expand All @@ -131,7 +131,7 @@ run_secret_drain() {
juju model-config secret-backend=auto

attempt=0
until check_contains "$(microk8s kubectl -n "$model_name" get secrets -l 'app.juju.is/created-by=hello')" "${unit_owned_short_uri}-1" >/dev/null 2>&1; do
until [[ "$(microk8s kubectl -n $model_name get secrets -l 'app.juju.is/created-by=hello')" =~ ${unit_owned_short_uri}-1 ]]; do
if [[ ${attempt} -ge 30 ]]; then
echo "Failed: expected secret ${unit_owned_short_uri}-1 gets drained to k8s."
exit 1
Expand All @@ -141,7 +141,7 @@ run_secret_drain() {
done

attempt=0
until check_contains "$(microk8s kubectl -n "$model_name" get secrets -l 'app.juju.is/created-by=hello')" "${app_owned_short_uri}-1" >/dev/null 2>&1; do
until [[ "$(microk8s kubectl -n $model_name get secrets -l 'app.juju.is/created-by=hello')" =~ ${app_owned_short_uri}-1 ]]; do
if [[ ${attempt} -ge 30 ]]; then
echo "Failed: expected secret ${app_owned_short_uri}-1 gets drained to k8s."
exit 1
Expand All @@ -162,7 +162,7 @@ prepare_vault() {

ip=$(hostname -I | awk '{print $1}')
root_token='root'
timeout 30m vault server -dev -dev-listen-address="${ip}:8200" -dev-root-token-id="$root_token" >/dev/null 2>&1 &
timeout 45m vault server -dev -dev-listen-address="${ip}:8200" -dev-root-token-id="$root_token" >/dev/null 2>&1 &

export VAULT_ADDR="http://${ip}:8200"
export VAULT_TOKEN="$root_token"
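Review bot: The two `=~` loop conditions drop the quotes around `$model_name` inside the command substitution and leave the right-hand side unquoted, so `${unit_owned_short_uri}-1` and `${app_owned_short_uri}-1` are read as regular expressions rather than literal text. Quoting both keeps the check a plain substring match, for example `[[ "$(microk8s kubectl -n "$model_name" get secrets -l 'app.juju.is/created-by=hello')" == *"${unit_owned_short_uri}-1"* ]]`. As a substring test it would also accept a name that merely starts with that suffix, such as one ending in `-10`; if the revision number matters, match against the end of the secret name instead.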
