First TLS instrumentation (#20)

* first TLS instrumentation * linting * let's use mimir default values * let's start with a simpler version * let's start with a simpler version * first instrumentation of TLS for nginx * change client_auth_type value * add integration test * Update tox.ini Co-authored-by: Leon <[email protected]> * address Leon's comments * server_name added * Dylan's suggestions addressed * remove _build_tls_config * update loki_push_api * putting everything in order after the merge * fix error in merge * change certhandler v0 with v1 * fix integration tests * linting * publish and grant certs * update cert_handler * change parameter name * move methos from mimir_cluster to charm * charm's code tidy up * add missing event handler --------- Co-authored-by: Leon <[email protected]>
canonical · Jan 18, 2024 · 8920465 · 8920465
1 parent 47a0ea1
commit 8920465
Show file tree

Hide file tree

Showing 17 changed files with 2,822 additions and 199 deletions.
diff --git a/charmcraft.yaml b/charmcraft.yaml
@@ -15,3 +15,6 @@ parts:
     charm-binary-python-packages:
       - pydantic>2.0
 
+      # For v2.tls_certificates
+      - cryptography
+      - jsonschema
diff --git a/lib/charms/mimir_coordinator_k8s/v0/mimir_cluster.py b/lib/charms/mimir_coordinator_k8s/v0/mimir_cluster.py
@@ -24,10 +24,14 @@
 DEFAULT_ENDPOINT_NAME = "mimir-cluster"
 
 LIBAPI = 0
-LIBPATCH = 2
+LIBPATCH = 3
 
 BUILTIN_JUJU_KEYS = {"ingress-address", "private-address", "egress-subnets"}
 
+MIMIR_CONFIG_FILE = "/etc/mimir/mimir-config.yaml"
+MIMIR_CERT_FILE = "/etc/mimir/server.cert"
+MIMIR_KEY_FILE = "/etc/mimir/private.key"
+MIMIR_CLIENT_CA_FILE = "/etc/mimir/ca.cert"
 
 class MimirClusterError(Exception):
     """Base class for exceptions raised by this module."""
@@ -273,7 +277,7 @@ def gather_addresses(self) -> Set[str]:
         addresses_by_role = self.gather_addresses_by_role()
         for role, address_set in addresses_by_role.items():
             data.update(address_set)
-        
+
         return data
 
 
@@ -417,3 +421,8 @@ def get_mimir_config(self) -> Dict[str, Any]:
                 log.error(f"invalid databag contents: {e}")
                 return {}
         return data
+
+    def get_cert_secret_ids(self) -> Optional[str]:
+        """Fetch certificates secrets ids for the mimir config."""
+        if self.relation and self.relation.app:
+                return self.relation.data[self.relation.app].get("secrets", None)