fix tls-relation for cross-model case

With cross-model relations (CMR), the "unit name" visible on the offering side of the relation is a UUID which doesn't match with the unit's own view of its unit name. Thus, the unit cannot find the responses to its cert requests, as they are keyed by the UUID rather than the unit name. By explicitly publishing the unit name over the relation, it ensures that the provider and requirer will use the same key. We use the unit name rather than a UUID or nonce to ensure that non-CMR deployments are not broken upon upgrade. juju-solutions/interface-tls-certificates#16 Change-Id: I3df63b92fc25423d930b5bf1c263eb62125a0a3f
tungstenfabric · Jun 29, 2021 · 64ef246 · 64ef246
1 parent 2314ef1
commit 64ef246
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 0 deletions.
diff --git a/contrail-agent/hooks/contrail_agent_hooks.py b/contrail-agent/hooks/contrail_agent_hooks.py
@@ -15,6 +15,7 @@
     related_units,
     status_set,
     unit_private_ip,
+    local_unit,
 )
 
 import contrail_agent_utils as utils
@@ -155,6 +156,8 @@ def _update_tls(rid=None):
 
 @hooks.hook('tls-certificates-relation-joined')
 def tls_certificates_relation_joined():
+    # in cross-model rellations we have to provide own name to be sure that we'll find it in response
+    relation_set(unit_name=local_unit().replace('/', '_'))
     _update_tls(rid=relation_id())
 
 

diff --git a/contrail-analytics/hooks/contrail_analytics_hooks.py b/contrail-analytics/hooks/contrail_analytics_hooks.py
@@ -234,6 +234,8 @@ def _update_tls(rid=None):
 
 @hooks.hook('tls-certificates-relation-joined')
 def tls_certificates_relation_joined():
+    # in cross-model rellations we have to provide own name to be sure that we'll find it in response
+    relation_set(unit_name=local_unit().replace('/', '_'))
     _update_tls(rid=relation_id())
 
 

diff --git a/contrail-analyticsdb/hooks/contrail_analyticsdb_hooks.py b/contrail-analyticsdb/hooks/contrail_analyticsdb_hooks.py
@@ -187,6 +187,8 @@ def _update_tls(rid=None):
 
 @hooks.hook('tls-certificates-relation-joined')
 def tls_certificates_relation_joined():
+    # in cross-model rellations we have to provide own name to be sure that we'll find it in response
+    relation_set(unit_name=local_unit().replace('/', '_'))
     _update_tls(rid=relation_id())
 
 

diff --git a/contrail-controller/hooks/contrail_controller_hooks.py b/contrail-controller/hooks/contrail_controller_hooks.py
@@ -568,6 +568,8 @@ def _update_tls(rid=None):
 
 @hooks.hook('tls-certificates-relation-joined')
 def tls_certificates_relation_joined():
+    # in cross-model rellations we have to provide own name to be sure that we'll find it in response
+    relation_set(unit_name=local_unit().replace('/', '_'))
     _update_tls(rid=relation_id())
 
 

diff --git a/contrail-kubernetes-master/hooks/contrail_kubernetes_master_hooks.py b/contrail-kubernetes-master/hooks/contrail_kubernetes_master_hooks.py
@@ -322,6 +322,8 @@ def _update_tls(rid=None):
 
 @hooks.hook('tls-certificates-relation-joined')
 def tls_certificates_relation_joined():
+    # in cross-model rellations we have to provide own name to be sure that we'll find it in response
+    relation_set(unit_name=local_unit().replace('/', '_'))
     _update_tls(rid=relation_id())