From 3ab1166452096a2c5c5a525b78efd43b85df1f98 Mon Sep 17 00:00:00 2001 From: Pietro Pasotti Date: Wed, 24 Apr 2024 14:46:57 +0200 Subject: [PATCH 1/3] skip pushing csr if relation is dead --- lib/charms/observability_libs/v1/cert_handler.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/charms/observability_libs/v1/cert_handler.py b/lib/charms/observability_libs/v1/cert_handler.py index 83c506a..e769a51 100644 --- a/lib/charms/observability_libs/v1/cert_handler.py +++ b/lib/charms/observability_libs/v1/cert_handler.py @@ -66,7 +66,7 @@ LIBID = "b5cd5cd580f3428fa5f59a8876dcbe6a" LIBAPI = 1 -LIBPATCH = 1 +LIBPATCH = 2 def is_ip_address(value: str) -> bool: @@ -224,6 +224,12 @@ def _generate_csr( This method intentionally does not emit any events, leave it for caller's responsibility. """ + # if the certificates relation is dead (perhaps we are in a relation-removed hook), + # don't do anything. + if not self.charm.model.get_relation(self.certificates_relation_name): + logger.debug(f"no {self.certificates_relation_name} relation found; skipping _generate_csr.") + return + # In case we already have a csr, do not overwrite it by default. if overwrite or renew or not self._csr: private_key = self.private_key From a9042650167150cf1d4864b4744ae578a378f7ae Mon Sep 17 00:00:00 2001 From: Pietro Pasotti Date: Wed, 24 Apr 2024 15:03:11 +0200 Subject: [PATCH 2/3] fixed issue with relation-broken in certhandler: --- lib/charms/observability_libs/v0/cert_handler.py | 8 +++++++- lib/charms/observability_libs/v1/cert_handler.py | 6 +++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/lib/charms/observability_libs/v0/cert_handler.py b/lib/charms/observability_libs/v0/cert_handler.py index 9dcfc8f..f53ec3d 100644 --- a/lib/charms/observability_libs/v0/cert_handler.py +++ b/lib/charms/observability_libs/v0/cert_handler.py @@ -67,7 +67,7 @@ LIBID = "b5cd5cd580f3428fa5f59a8876dcbe6a" LIBAPI = 0 -LIBPATCH = 11 +LIBPATCH = 12 def is_ip_address(value: str) -> bool: @@ -240,6 +240,12 @@ def _generate_csr( This method intentionally does not emit any events, leave it for caller's responsibility. """ + # if we are in a relation-broken hook, we might not have a relation to publish the csr to. + if not self.charm.model.get_relation(self.certificates_relation_name): + logger.warning(f"No {self.certificates_relation_name!r} relation found. " + f"Cannot generate csr.") + return + # At this point, assuming "peer joined" and "certificates joined" have already fired # (caller must guard) so we must have a private_key entry in relation data at our disposal. # Otherwise, traceback -> debug. diff --git a/lib/charms/observability_libs/v1/cert_handler.py b/lib/charms/observability_libs/v1/cert_handler.py index 03949b9..1a80c69 100644 --- a/lib/charms/observability_libs/v1/cert_handler.py +++ b/lib/charms/observability_libs/v1/cert_handler.py @@ -221,10 +221,10 @@ def _generate_csr( This method intentionally does not emit any events, leave it for caller's responsibility. """ - # if the certificates relation is dead (perhaps we are in a relation-removed hook), - # don't do anything. + # if we are in a relation-broken hook, we might not have a relation to publish the csr to. if not self.charm.model.get_relation(self.certificates_relation_name): - logger.debug(f"no {self.certificates_relation_name} relation found; skipping _generate_csr.") + logger.warning(f"No {self.certificates_relation_name!r} relation found. " + f"Cannot generate csr.") return # In case we already have a csr, do not overwrite it by default. From 358101bd85cf11e4b626ccf181984489bae1ae91 Mon Sep 17 00:00:00 2001 From: Pietro Pasotti Date: Wed, 24 Apr 2024 15:07:40 +0200 Subject: [PATCH 3/3] lint --- lib/charms/observability_libs/v0/cert_handler.py | 5 +++-- lib/charms/observability_libs/v1/cert_handler.py | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/lib/charms/observability_libs/v0/cert_handler.py b/lib/charms/observability_libs/v0/cert_handler.py index f53ec3d..0fc610f 100644 --- a/lib/charms/observability_libs/v0/cert_handler.py +++ b/lib/charms/observability_libs/v0/cert_handler.py @@ -242,8 +242,9 @@ def _generate_csr( """ # if we are in a relation-broken hook, we might not have a relation to publish the csr to. if not self.charm.model.get_relation(self.certificates_relation_name): - logger.warning(f"No {self.certificates_relation_name!r} relation found. " - f"Cannot generate csr.") + logger.warning( + f"No {self.certificates_relation_name!r} relation found. " f"Cannot generate csr." + ) return # At this point, assuming "peer joined" and "certificates joined" have already fired diff --git a/lib/charms/observability_libs/v1/cert_handler.py b/lib/charms/observability_libs/v1/cert_handler.py index 1a80c69..79458e0 100644 --- a/lib/charms/observability_libs/v1/cert_handler.py +++ b/lib/charms/observability_libs/v1/cert_handler.py @@ -223,8 +223,9 @@ def _generate_csr( """ # if we are in a relation-broken hook, we might not have a relation to publish the csr to. if not self.charm.model.get_relation(self.certificates_relation_name): - logger.warning(f"No {self.certificates_relation_name!r} relation found. " - f"Cannot generate csr.") + logger.warning( + f"No {self.certificates_relation_name!r} relation found. " f"Cannot generate csr." + ) return # In case we already have a csr, do not overwrite it by default.