From 64ef246dacd8d27fd4920718221620b72a45bece Mon Sep 17 00:00:00 2001 From: Andrey Pavlov Date: Tue, 29 Jun 2021 20:12:54 +0300 Subject: [PATCH] fix tls-relation for cross-model case With cross-model relations (CMR), the "unit name" visible on the offering side of the relation is a UUID which doesn't match with the unit's own view of its unit name. Thus, the unit cannot find the responses to its cert requests, as they are keyed by the UUID rather than the unit name. By explicitly publishing the unit name over the relation, it ensures that the provider and requirer will use the same key. We use the unit name rather than a UUID or nonce to ensure that non-CMR deployments are not broken upon upgrade. https://github.com/juju-solutions/interface-tls-certificates/pull/16 Change-Id: I3df63b92fc25423d930b5bf1c263eb62125a0a3f --- contrail-agent/hooks/contrail_agent_hooks.py | 3 +++ contrail-analytics/hooks/contrail_analytics_hooks.py | 2 ++ contrail-analyticsdb/hooks/contrail_analyticsdb_hooks.py | 2 ++ contrail-controller/hooks/contrail_controller_hooks.py | 2 ++ .../hooks/contrail_kubernetes_master_hooks.py | 2 ++ 5 files changed, 11 insertions(+) diff --git a/contrail-agent/hooks/contrail_agent_hooks.py b/contrail-agent/hooks/contrail_agent_hooks.py index 873832c9..3b02e5a0 100755 --- a/contrail-agent/hooks/contrail_agent_hooks.py +++ b/contrail-agent/hooks/contrail_agent_hooks.py @@ -15,6 +15,7 @@ related_units, status_set, unit_private_ip, + local_unit, ) import contrail_agent_utils as utils @@ -155,6 +156,8 @@ def _update_tls(rid=None): @hooks.hook('tls-certificates-relation-joined') def tls_certificates_relation_joined(): + # in cross-model rellations we have to provide own name to be sure that we'll find it in response + relation_set(unit_name=local_unit().replace('/', '_')) _update_tls(rid=relation_id()) diff --git a/contrail-analytics/hooks/contrail_analytics_hooks.py b/contrail-analytics/hooks/contrail_analytics_hooks.py index bb87028e..3e80e335 100755 --- a/contrail-analytics/hooks/contrail_analytics_hooks.py +++ b/contrail-analytics/hooks/contrail_analytics_hooks.py @@ -234,6 +234,8 @@ def _update_tls(rid=None): @hooks.hook('tls-certificates-relation-joined') def tls_certificates_relation_joined(): + # in cross-model rellations we have to provide own name to be sure that we'll find it in response + relation_set(unit_name=local_unit().replace('/', '_')) _update_tls(rid=relation_id()) diff --git a/contrail-analyticsdb/hooks/contrail_analyticsdb_hooks.py b/contrail-analyticsdb/hooks/contrail_analyticsdb_hooks.py index d3f2a52a..dcaba792 100755 --- a/contrail-analyticsdb/hooks/contrail_analyticsdb_hooks.py +++ b/contrail-analyticsdb/hooks/contrail_analyticsdb_hooks.py @@ -187,6 +187,8 @@ def _update_tls(rid=None): @hooks.hook('tls-certificates-relation-joined') def tls_certificates_relation_joined(): + # in cross-model rellations we have to provide own name to be sure that we'll find it in response + relation_set(unit_name=local_unit().replace('/', '_')) _update_tls(rid=relation_id()) diff --git a/contrail-controller/hooks/contrail_controller_hooks.py b/contrail-controller/hooks/contrail_controller_hooks.py index 44084551..4ded5f26 100755 --- a/contrail-controller/hooks/contrail_controller_hooks.py +++ b/contrail-controller/hooks/contrail_controller_hooks.py @@ -568,6 +568,8 @@ def _update_tls(rid=None): @hooks.hook('tls-certificates-relation-joined') def tls_certificates_relation_joined(): + # in cross-model rellations we have to provide own name to be sure that we'll find it in response + relation_set(unit_name=local_unit().replace('/', '_')) _update_tls(rid=relation_id()) diff --git a/contrail-kubernetes-master/hooks/contrail_kubernetes_master_hooks.py b/contrail-kubernetes-master/hooks/contrail_kubernetes_master_hooks.py index 5aced98f..a7dc0878 100755 --- a/contrail-kubernetes-master/hooks/contrail_kubernetes_master_hooks.py +++ b/contrail-kubernetes-master/hooks/contrail_kubernetes_master_hooks.py @@ -322,6 +322,8 @@ def _update_tls(rid=None): @hooks.hook('tls-certificates-relation-joined') def tls_certificates_relation_joined(): + # in cross-model rellations we have to provide own name to be sure that we'll find it in response + relation_set(unit_name=local_unit().replace('/', '_')) _update_tls(rid=relation_id())