Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add refresh_events to CertHandler #108

Merged
merged 8 commits into from
Sep 4, 2024
Merged

Add refresh_events to CertHandler #108

Changes from 3 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
13a0372
refresh events
michaeldmitry Sep 2, 2024
5e41e0a
static check
michaeldmitry Sep 2, 2024
0b61315
lint
michaeldmitry Sep 2, 2024
3d6b377
nit + speed up tests
michaeldmitry Sep 3, 2024
04719f6
improve doc
michaeldmitry Sep 3, 2024
a94f2f0
revert init
michaeldmitry Sep 3, 2024
05159e5
refactor
michaeldmitry Sep 3, 2024
8001de0
use hashing
michaeldmitry Sep 4, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 23 additions & 2 deletions lib/charms/observability_libs/v1/cert_handler.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,15 +59,15 @@
import logging

from ops.charm import CharmBase
from ops.framework import EventBase, EventSource, Object, ObjectEvents
from ops.framework import BoundEvent, EventBase, EventSource, Object, ObjectEvents
from ops.jujuversion import JujuVersion
from ops.model import Relation, Secret, SecretNotFoundError

logger = logging.getLogger(__name__)

LIBID = "b5cd5cd580f3428fa5f59a8876dcbe6a"
LIBAPI = 1
LIBPATCH = 11
LIBPATCH = 12

VAULT_SECRET_LABEL = "cert-handler-private-vault"

Expand Down Expand Up @@ -283,6 +283,7 @@ def __init__(
peer_relation_name: str = "peers",
cert_subject: Optional[str] = None,
sans: Optional[List[str]] = None,
refresh_events: Optional[List[BoundEvent]] = None,
):
"""CertHandler is used to wrap TLS Certificates management operations for charms.

Expand All @@ -299,6 +300,10 @@ def __init__(
Must match metadata.yaml.
cert_subject: Custom subject. Name collisions are under the caller's responsibility.
sans: DNS names. If none are given, use FQDN.
refresh_events: an optional list of bound events which
will be observed to replace the current CSR with a new one
if there are any changes in the CSR request. Then, subsequently, replace the
michaeldmitry marked this conversation as resolved.
Show resolved Hide resolved
its corresponding certificate with a new one.
"""
super().__init__(charm, key)
self.charm = charm
Expand Down Expand Up @@ -355,6 +360,22 @@ def __init__(
self._on_upgrade_charm,
)

if refresh_events:
michaeldmitry marked this conversation as resolved.
Show resolved Hide resolved
for ev in refresh_events:
self.framework.observe(ev, self._on_refresh_event)

def _on_refresh_event(self, _):
# Renew only if there are CSR changes
curr_csr = self._csr.encode() if self._csr else None
new_csr = generate_csr(
michaeldmitry marked this conversation as resolved.
Show resolved Hide resolved
private_key=self.private_key.encode(),
subject=self.cert_subject,
sans_dns=self.sans_dns,
sans_ip=self.sans_ip,
)
if curr_csr is not None and curr_csr != new_csr:
self._generate_csr(renew=True)

def _on_upgrade_charm(self, _):
has_privkey = self.vault.get_value("private-key")

Expand Down
Loading