Fix cert chain handling (#83)
* Add backwards compat for chain
* Also apply to v1
sed-i authored Mar 27, 2024
1 parent f2060ea commit 4169cf1
Showing 3 changed files with 16 additions and 9 deletions.
12 changes: 10 additions & 2 deletions lib/charms/observability_libs/v0/cert_handler.py
@@ -67,7 +67,7 @@

LIBID = "b5cd5cd580f3428fa5f59a8876dcbe6a"
LIBAPI = 0
LIBPATCH = 10
LIBPATCH = 11


def is_ip_address(value: str) -> bool:
@@ -378,7 +378,15 @@ def _server_cert(self, value: str):
def _chain(self) -> str:
if self._peer_relation:
if chain := self._peer_relation.data[self.charm.unit].get("chain", ""):
return json.loads(cast(str, chain))
chain = json.loads(chain)

# In a previous version of this lib, chain used to be a list.
# Convert the List[str] to str, per
# https://github.com/canonical/tls-certificates-interface/pull/141
if isinstance(chain, list):
chain = "\n\n".join(reversed(chain))

return cast(str, chain)
return ""

@_chain.setter
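Review bot: In the `_chain` getter, only the legacy list case is normalised; any other decoded JSON value (for example `null` or a dict) is returned through `cast(str, chain)`, which does nothing at runtime, so callers expecting PEM text can receive a non-string. A guard after the list branch such as `if not isinstance(chain, str): return ""` would keep the declared `-> str` contract. The comment above `reversed(chain)` should also state which certificate order the old list had and which order the joined PEM is meant to have, since chain order matters to TLS peers and the linked pull request is the only place it is recorded. The `@property` decorator and the setter are outside this hunk, so whether the stored value is always JSON-encoded cannot be confirmed from here.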
11 changes: 5 additions & 6 deletions lib/charms/observability_libs/v1/cert_handler.py
@@ -32,18 +32,17 @@
Since this library uses [Juju Secrets](https://juju.is/docs/juju/secret) it requires Juju >= 3.0.3.
"""
import ipaddress
import json
import socket
from itertools import filterfalse
from typing import List, Optional, Union

try:
from charms.tls_certificates_interface.v2.tls_certificates import ( # type: ignore
from charms.tls_certificates_interface.v3.tls_certificates import ( # type: ignore
AllCertificatesInvalidatedEvent,
CertificateAvailableEvent,
CertificateExpiringEvent,
CertificateInvalidatedEvent,
TLSCertificatesRequiresV2,
TLSCertificatesRequiresV3,
generate_csr,
generate_private_key,
)
@@ -66,7 +65,7 @@

LIBID = "b5cd5cd580f3428fa5f59a8876dcbe6a"
LIBAPI = 1
LIBPATCH = 3
LIBPATCH = 4


def is_ip_address(value: str) -> bool:
@@ -128,7 +127,7 @@ def __init__(
self.sans_dns = list(filterfalse(is_ip_address, sans))

self.certificates_relation_name = certificates_relation_name
self.certificates = TLSCertificatesRequiresV2(self.charm, self.certificates_relation_name)
self.certificates = TLSCertificatesRequiresV3(self.charm, self.certificates_relation_name)

self.framework.observe(
self.charm.on.config_changed,
@@ -278,7 +277,7 @@ def _on_certificate_available(self, event: CertificateAvailableEvent) -> None:
content = {
"ca-cert": event.ca,
"server-cert": event.certificate,
"chain": json.dumps(event.chain),
"chain": event.chain_as_pem(),
"csr": event_csr,
}
try:
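Review bot: In `_on_certificate_available`, `"chain"` is now stored as the PEM string from `event.chain_as_pem()`, while content written by LIBPATCH 3 holds `json.dumps(event.chain)`, and no visible hunk in this file converts the old form when it is read back. With `import json` removed, a unit upgraded from LIBPATCH 3 would presumably return the JSON-encoded list text as its chain until the next certificate event rewrites the stored content. If the reader (outside these hunks) does not already handle it, the same list-to-PEM conversion added to the v0 `_chain` getter is needed here, or at least a comment such as `# content stored by LIBPATCH <= 3 holds a JSON list under "chain"` next to the write. The method body continues outside the hunk.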
2 changes: 1 addition & 1 deletion tests/integration/conftest.py
@@ -79,7 +79,7 @@ async def tester_charm(ops_test: OpsTest) -> Path:
fetch_tls_cmd = [
"charmcraft",
"fetch-lib",
"charms.tls_certificates_interface.v2.tls_certificates",
"charms.tls_certificates_interface.v3.tls_certificates",
]
await ops_test.run(*fetch_tls_cmd)
shutil.move("lib/charms/tls_certificates_interface", f"{TESTINGCHARM_PATH}/lib/charms/")
