Add vault caching of secrets on relation test #1084
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This specific test is for the certificates relation to ensure that the data presented to units related to vault have a consistent set of data.
openstack-mirroring
pushed a commit
to openstack/charm-vault
that referenced
this pull request
Jul 26, 2023
This cache is used to store certificates and keys issued by the leader unit. Non-leader units read these certificates and keep data in their "tls-certificates" relations up to date. This ensures that charm units that receive certs from vault can read from relation data of any vault unit and receive correct data. This patch is mostly the same as I18aa6c9193379ea454851b6f60a8f331ef88a980 but improved to avoid LP#1896542 by removing the section where a certificate can be reused from cache during create_certs. Co-Authored-By: Rodrigo Barbieri <rodrigo.barbieri@canonical.com> Co-Authored-By: Alex Kavanagh <alex.kavanagh@canonical.com> func-test-pr: openstack-charmers/zaza-openstack-tests#1084 Closes-Bug: #1940549 Closes-Bug: #1983269 Closes-Bug: #1845961 Related-Bug: #1896542 Change-Id: I0cca13d2042d61ffc6a7c13eccb0ec8c292020c9
openstack-mirroring
pushed a commit
to openstack/openstack
that referenced
this pull request
Jul 26, 2023
* Update charm-vault from branch 'master'
to 1a1953b0ef23f724e9295505b100eca22ef9a6cd
- Implement cert cache for vault units (v4)
This cache is used to store certificates and keys
issued by the leader unit. Non-leader units read
these certificates and keep data in their
"tls-certificates" relations up to date.
This ensures that charm units that receive certs
from vault can read from relation data of any
vault unit and receive correct data.
This patch is mostly the same as
I18aa6c9193379ea454851b6f60a8f331ef88a980
but improved to avoid LP#1896542 by removing
the section where a certificate can be reused
from cache during create_certs.
Co-Authored-By: Rodrigo Barbieri <rodrigo.barbieri@canonical.com>
Co-Authored-By: Alex Kavanagh <alex.kavanagh@canonical.com>
func-test-pr: openstack-charmers/zaza-openstack-tests#1084
Closes-Bug: #1940549
Closes-Bug: #1983269
Closes-Bug: #1845961
Related-Bug: #1896542
Change-Id: I0cca13d2042d61ffc6a7c13eccb0ec8c292020c9
ajkavanagh
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This specific test is for the certificates relation to ensure that the
data presented to units related to vault have a consistent set of data.
Review that tests this change: https://review.opendev.org/c/openstack/charm-vault/+/883947