Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: Adds ratio of fulfilled certificate requests in status message #137

Merged
merged 2 commits into from
Jun 11, 2024
Merged

chore: Adds ratio of fulfilled certificate requests in status message #137

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b9fd0ff
Adds number of pending certificate requests in status message
saltiyazan Jun 10, 2024
ad538c3
Uses ratio of fulfilled/total requests
saltiyazan Jun 11, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 15 additions & 2 deletions lib/charms/lego_base_k8s/v0/lego_client.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,7 @@ def _plugin_config(self):

# Increment this PATCH version before using `charmcraft publish-lib` or reset
# to 0 if you are raising the major API version
LIBPATCH = 8
LIBPATCH = 9


logger = logging.getLogger(__name__)
Expand Down Expand Up @@ -144,7 +144,7 @@ def _on_collect_status(self, event: CollectStatusEvent) -> None:
BlockedStatus(err)
)
return
event.add_status(ActiveStatus())
event.add_status(ActiveStatus(self._get_certificate_fulfillment_status()))

def _sync_certificates(self, event: EventBase) -> None:
"""Go through all the certificates relations and handle outstanding requests."""
Expand Down Expand Up @@ -278,6 +278,19 @@ def _generate_signed_certificate(self, csr: str, relation_id: int):
relation_id=relation_id,
)

def _get_certificate_fulfillment_status(self) -> str:
"""Return the status message reflecting how many certificate requests are still pending."""
outstanding_requests_num = len(
self.tls_certificates.get_outstanding_certificate_requests()
)
total_requests_num = len(
self.tls_certificates.get_requirer_csrs()
)
fulfilled_certs = total_requests_num - outstanding_requests_num
return (
f"{fulfilled_certs}/{total_requests_num} certificate requests are fulfilled"
)

@property
def _cmd(self) -> List[str]:
"""Command to run to get the certificate.
Expand Down
46 changes: 40 additions & 6 deletions tests/unit/test_charm.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@
generate_private_key,
)
from ops import testing
from ops.model import BlockedStatus, WaitingStatus
from ops.model import ActiveStatus, BlockedStatus, WaitingStatus
from ops.pebble import ExecError
from ops.testing import Harness

Expand Down Expand Up @@ -307,28 +307,39 @@ def test_given_generic_config_is_not_valid_when_certificate_creation_request_the

assert self.harness.charm.unit.status == BlockedStatus("Invalid email address")

def test_given_invalid_specific_config_when_certificate_creation_request_then_status_is_blocked( # noqa: E501
self,
@patch("ops.model.Container.exec", new=MockExec)
@patch(
f"{TLS_LIB_PATH}.TLSCertificatesProvidesV3.set_relation_certificate",
)
def test_given_valid_config_and_pending_requests_when_update_status_then_status_is_active( # noqa: E501
self, mock_set_relation_certificate
):
self.harness.set_leader(False)
self.harness.update_config(
{
"email": "banana@email.com",
"server": "https://acme-v02.api.letsencrypt.org/directory",
}
)
self.harness.set_leader(True)
relation_id = self.harness.add_relation("certificates", "remote")
self.harness.add_relation_unit(relation_id, "remote/0")
self.harness.set_can_connect("lego", True)
self.harness.charm.valid_config = False
self.harness.charm.valid_config = True
container = self.harness.model.unit.get_container("lego")
container.push(
"/tmp/.lego/certificates/foo.crt", source=test_cert.read_bytes(), make_dirs=True
)

self.add_csr_to_remote_unit_relation_data(relation_id=relation_id, app_or_unit="remote/0")

self.harness.evaluate_status()

self.assertEqual(
self.harness.charm.unit.status, BlockedStatus("Invalid specific configuration")
self.harness.charm.unit.status, ActiveStatus(
"0/1 certificate requests are fulfilled"
)
)

def test_given_generic_config_is_not_valid_when_update_status_then_status_is_blocked(
self,
):
Expand Down Expand Up @@ -411,6 +422,29 @@ def test_given_invalid_specific_config_when_config_changed_then_status_is_blocke
self.harness.charm.unit.status, BlockedStatus("Invalid specific configuration")
)

def test_given_invalid_specific_config_when_certificate_creation_request_then_status_is_blocked( # noqa: E501
self,
):
self.harness.update_config(
{
"email": "banana@email.com",
"server": "https://acme-v02.api.letsencrypt.org/directory",
}
)
self.harness.set_leader(True)
relation_id = self.harness.add_relation("certificates", "remote")
self.harness.add_relation_unit(relation_id, "remote/0")
self.harness.set_can_connect("lego", True)
self.harness.charm.valid_config = False

self.harness.charm.on.config_changed.emit()

self.harness.evaluate_status()

self.assertEqual(
self.harness.charm.unit.status, BlockedStatus("Invalid specific configuration")
)

@patch("ops.model.Container.exec", new=MockExec)
@patch(
f"{TLS_LIB_PATH}.TLSCertificatesProvidesV3.set_relation_certificate",
Expand Down