Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: tls-certificates & certificate-transfer interface integrations #20

Merged
merged 2 commits into from
Jan 19, 2024
Merged

feat: tls-certificates & certificate-transfer interface integrations #20

merged 2 commits into from
Jan 19, 2024

Conversation

wood-push-melon
Copy link
Contributor

@wood-push-melon wood-push-melon commented Jan 16, 2024
edited
Loading

This pull request tries to implement the integration with tls-certificates interface and certificate-transfer interface.

@wood-push-melon wood-push-melon marked this pull request as draft January 16, 2024 23:29
@wood-push-melon wood-push-melon mentioned this pull request Jan 16, 2024
Merged
5 tasks
@wood-push-melon wood-push-melon requested a review from a team January 17, 2024 04:35
@wood-push-melon wood-push-melon marked this pull request as ready for review January 17, 2024 04:35
@wood-push-melon wood-push-melon marked this pull request as draft January 17, 2024 04:35
@wood-push-melon wood-push-melon force-pushed the IAM-622 branch 2 times, most recently from 2097e4b to af365cc Compare January 18, 2024 03:07
@wood-push-melon wood-push-melon marked this pull request as ready for review January 18, 2024 03:30
nsklikas
nsklikas reviewed Jan 18, 2024
View reviewed changes
Copy link
Contributor

@nsklikas nsklikas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. On config_changed you need to update the CertHandler config with the new hostname
  2. I have mixed feelings about the integrations.py file. It makes sense for removing some of the logic from the charm.py file, but at the same time it feels like it beats the purpose of having a lib. Libs should provide as much functionality as possible only through config. For example, if CertificateTransferProvides provided a function for updating all the relations with one call, you wouldn't need to wrap it. In addition, it makes each charm implement different patterns (especially across teams) and I think that we should strive for a uniform approach across charms. Having said that this is a nitpick and I have no problem with moving on with the current implementation, until we can better evaluate this approach.

src/integrations.py Outdated Show resolved Hide resolved
metadata.yaml Outdated Show resolved Hide resolved
src/integrations.py Outdated Show resolved Hide resolved
src/integrations.py Show resolved Hide resolved
nsklikas
nsklikas reviewed Jan 18, 2024
View reviewed changes
Copy link
Contributor

@nsklikas nsklikas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Another question:
Shouldn't the glauth config be updated to use the cert after it is recieved?

src/integrations.py Show resolved Hide resolved
@natalian98
Copy link
Contributor

Shall we add this piece of config to the template?

@wood-push-melon
Copy link
Contributor Author

  1. On config_changed you need to update the CertHandler config with the new hostname
  2. I have mixed feelings about the integrations.py file. It makes sense for removing some of the logic from the charm.py file, but at the same time it feels like it beats the purpose of having a lib. Libs should provide as much functionality as possible only through config. For example, if CertificateTransferProvides provided a function for updating all the relations with one call, you wouldn't need to wrap it. In addition, it makes each charm implement different patterns (especially across teams) and I think that we should strive for a uniform approach across charms. Having said that this is a nitpick and I have no problem with moving on with the current implementation, until we can better evaluate this approach.

I am confused with the first one. The CertHandler constructor is fed with the most recent juju config value.

For the second, the integrations.py's purpose is not to replace/overlap the juju libraries. It's to wrap part of extra logic involved with juju libraries and expose some APIs for charms to use so that the charm.py does not need to worry too much about the logic which it does not need to. In some case that there isn't much logic to do when dealing with the integrations, simply using the API provided by juju library is good enough.

@wood-push-melon
Copy link
Contributor Author

wood-push-melon commented Jan 18, 2024
edited
Loading

Shall we add this piece of config to the template?

This task is in the scope of https://warthogs.atlassian.net/browse/IAM-621. It needs us to decide if we want the StartTLS in mandatory. I will leave some comments on the ticket.

@wood-push-melon
Copy link
Contributor Author

Another question: Shouldn't the glauth config be updated to use the cert after it is recieved?

I think this is related to another ticket's task: https://warthogs.atlassian.net/browse/IAM-621. And it needs us to make some decisions.

@wood-push-melon wood-push-melon merged commit 4d96a5a into main Jan 19, 2024
3 checks passed
@wood-push-melon wood-push-melon deleted the IAM-622 branch January 19, 2024 16:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@natalian98 natalian98 natalian98 approved these changes

@nsklikas nsklikas nsklikas approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@wood-push-melon @natalian98 @nsklikas