From 601caf6cb53de03b108a728a26e2ea76c5cd255f Mon Sep 17 00:00:00 2001 From: Pietro Pasotti Date: Thu, 8 Aug 2024 14:28:09 +0200 Subject: [PATCH 1/2] added both LB IP and hostname to sans --- src/charm.py | 5 +++-- tests/scenario/test_scheme.py | 27 --------------------------- 2 files changed, 3 insertions(+), 29 deletions(-) delete mode 100644 tests/scenario/test_scheme.py diff --git a/src/charm.py b/src/charm.py index a38bbfd5..fdba880b 100755 --- a/src/charm.py +++ b/src/charm.py @@ -1160,15 +1160,16 @@ def server_cert_sans_dns(self) -> List[str]: assert isinstance(target, str), target # for type checker return [target] + targets = [target] # This is an IP address. Try to look up the hostname. with contextlib.suppress(OSError, TypeError): name, _, _ = socket.gethostbyaddr(target) # type: ignore # Do not return "hostname" like '10-43-8-149.kubernetes.default.svc.cluster.local' if is_hostname(name) and not name.endswith(".svc.cluster.local"): - return [name] + targets.append(name) # If all else fails, we'd rather use the bare IP - return [target] if target else [] + return targets @functools.lru_cache diff --git a/tests/scenario/test_scheme.py b/tests/scenario/test_scheme.py deleted file mode 100644 index 94fd1818..00000000 --- a/tests/scenario/test_scheme.py +++ /dev/null @@ -1,27 +0,0 @@ -# -# TODO: implement -# @pytest.mark.parametrize("scheme", ("http", "https", "h2c")) -# def test_scheme(traefik_ctx, scheme, traefik_container): -# ipa = Relation( -# "ingress", -# remote_app_data={ -# "model": "test-model", -# "name": "remote", -# "port": "42", -# "scheme": scheme, -# }, -# remote_units_data={ -# 1: {"host": "foobar.com"} -# }, -# ) -# state_in = State( -# config={"routing_mode": "path", "external_hostname": "foo.com"}, -# containers=[traefik_container], -# relations=[ipa], -# ) -# -# -# -# @pytest.mark.parametrize("scheme", ("foo", "bar", "1")) -# def test_invalid_scheme(scheme): -# pass From d8392c3025e875d1ad2512a4d2843c96a4cd1b88 Mon Sep 17 00:00:00 2001 From: Pietro Pasotti Date: Thu, 8 Aug 2024 16:36:20 +0200 Subject: [PATCH 2/2] static fix --- src/charm.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/charm.py b/src/charm.py index fdba880b..3c106aaf 100755 --- a/src/charm.py +++ b/src/charm.py @@ -1160,13 +1160,13 @@ def server_cert_sans_dns(self) -> List[str]: assert isinstance(target, str), target # for type checker return [target] - targets = [target] + targets: List[str] = [target] if target else [] # This is an IP address. Try to look up the hostname. with contextlib.suppress(OSError, TypeError): name, _, _ = socket.gethostbyaddr(target) # type: ignore # Do not return "hostname" like '10-43-8-149.kubernetes.default.svc.cluster.local' if is_hostname(name) and not name.endswith(".svc.cluster.local"): - targets.append(name) + targets.append(cast(str, name)) # If all else fails, we'd rather use the bare IP return targets