Merge branch 'main' into renovate/python-dependencies
gruyaume authored Jan 16, 2025
2 parents 4c348d9 + ff48095 commit c90900f
Showing 25 changed files with 805 additions and 1,054 deletions.
20 changes: 0 additions & 20 deletions .github/workflows/grafana-dashboard-lint-report.yaml

This file was deleted.

25 changes: 24 additions & 1 deletion .github/workflows/integration-test.yaml
@@ -59,7 +59,30 @@ jobs:
run: |
tox -e integration -- \
--charm_path="${{ steps.charm-path.outputs.charm_path }}" \
--kv_requirer_charm_path="${{ steps.kv-requirer-charm-path.outputs.charm_path }}"
--kv_requirer_charm_path="${{ steps.kv-requirer-charm-path.outputs.charm_path }}" \
--alluredir allure-results
- name: Load test report history
uses: actions/checkout@v3
if: always()
continue-on-error: true
with:
ref: gh-pages
path: gh-pages
- name: Build test report
uses: simple-elf/[email protected]
if: always()
with:
gh_pages: gh-pages
allure_history: allure-history
allure_results: allure-results
- name: Publish test report
uses: peaceiris/actions-gh-pages@v3
if: always()
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_branch: gh-pages
publish_dir: allure-history

- name: Archive charmcraft logs
if: failure()
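Review bot: The `Publish test report` step runs under `if: always()` and pushes to `gh-pages` with `secrets.GITHUB_TOKEN` on every invocation of this workflow, so report content produced from any branch that runs the integration tests can overwrite the published site; gating it, for example `if: always() && github.ref_name == 'main'`, would limit publishing to trusted refs. The three added `uses:` lines reference third-party actions by mutable tag (`actions/checkout@v3`, `peaceiris/actions-gh-pages@v3`, and the report action whose ref is garbled on this page); pinning each to a full commit SHA keeps a retagged release from running with a write-capable token. The job's `permissions:` block is outside the hunk, so whether the token is limited to `contents: write` could not be checked here.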
19 changes: 0 additions & 19 deletions .github/workflows/lint-report.yaml

This file was deleted.

16 changes: 10 additions & 6 deletions .github/workflows/main.yaml
@@ -12,17 +12,17 @@ concurrency:

jobs:
lint-report:
uses: ./.github/workflows/lint-report.yaml
uses: canonical/identity-credentials-workflows/.github/workflows/lint-report.yaml@main

grafana-dashboard-lint-report:
uses: ./.github/workflows/grafana-dashboard-lint-report.yaml
uses: canonical/identity-credentials-workflows/.github/workflows/grafana-dashboard-lint-report.yaml@main

static-analysis:
name: Static analysis
uses: ./.github/workflows/static-analysis.yaml
uses: canonical/identity-credentials-workflows/.github/workflows/static-analysis.yaml@main

unit-tests-with-coverage:
uses: ./.github/workflows/unit-test.yaml
uses: canonical/identity-credentials-workflows/.github/workflows/unit-test.yaml@main

build:
needs:
@@ -38,12 +38,16 @@ jobs:
uses: ./.github/workflows/integration-test.yaml

publish-charm:
name: Publish Charm
needs:
- lint-report
- grafana-dashboard-lint-report
- static-analysis
- unit-tests-with-coverage
- integration-test
if: ${{ github.ref_name == 'main' || startsWith(github.ref_name, 'release-') }}
uses: ./.github/workflows/publish-charm.yaml
secrets: inherit
uses: canonical/identity-credentials-workflows/.github/workflows/publish-charm.yaml@main
secrets:
CHARMCRAFT_AUTH: ${{ secrets.CHARMCRAFT_AUTH }}
with:
track-name: 1.16
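Review bot: The reusable workflows are referenced at `@main` of `canonical/identity-credentials-workflows`, a mutable ref, and the `publish-charm` job hands `CHARMCRAFT_AUTH` to one of them, so any push to that repository's main branch changes what runs with the publishing credential. Pinning each `uses:` to a full commit SHA or a protected release tag, e.g. `uses: canonical/identity-credentials-workflows/.github/workflows/publish-charm.yaml@<commit-sha>`, makes the executed code reviewable and still lets Renovate propose updates. The same applies to the `lint-report`, `grafana-dashboard-lint-report`, `static-analysis` and `unit-tests-with-coverage` jobs in the first hunk. Passing the single named secret instead of `secrets: inherit` is the right least-privilege shape and should be kept.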
47 changes: 0 additions & 47 deletions .github/workflows/publish-charm.yaml

This file was deleted.

20 changes: 0 additions & 20 deletions .github/workflows/static-analysis.yaml

This file was deleted.

19 changes: 0 additions & 19 deletions .github/workflows/unit-test.yaml

This file was deleted.

4 changes: 4 additions & 0 deletions .gitignore
@@ -15,3 +15,7 @@ __pycache__/
*.pem
tests/integration/vault_kv_requirer_operator/lib/charms/vault_k8s/v0/*
.charm_tracing_buffer.raw

# Ignore allure report and results if running locally
allure-report/
allure-results/
9 changes: 6 additions & 3 deletions lib/charms/vault_k8s/v0/vault_client.py
@@ -28,7 +28,7 @@

# Increment this PATCH version before using `charmcraft publish-lib` or reset
# to 0 if you are raising the major API version
LIBPATCH = 24
LIBPATCH = 25


RAFT_STATE_ENDPOINT = "v1/sys/storage/raft/autopilot/state"
@@ -483,13 +483,16 @@ def create_snapshot(self) -> requests.Response:
"""Create a snapshot of the Vault data."""
return self._client.sys.take_raft_snapshot()

def restore_snapshot(self, snapshot: IOBase) -> requests.Response:
def restore_snapshot(self, snapshot: IOBase) -> None:
"""Restore a snapshot of the Vault data.
Uses force_restore_raft_snapshot to restore the snapshot
even if the unseal key used at backup time is different from the current one.
"""
return self._client.sys.force_restore_raft_snapshot(snapshot)
response = self._client.sys.force_restore_raft_snapshot(snapshot)
if not 200 <= response.status_code < 300:
logger.warning("Error while restoring snapshot: %s", response.text)
raise VaultClientError(f"Error while restoring snapshot: {response.text}")

def get_raft_cluster_state(self) -> dict:
"""Get raft cluster state."""
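Review bot: `restore_snapshot` now returns `None` and raises `VaultClientError`, but its docstring documents neither; a `Raises:` entry such as `VaultClientError: if Vault answers the restore request with a non-2xx status` would tell callers that the former `requests.Response` return value is gone. The raw `response.text` is written to the log at warning level and copied into the exception message, so whatever Vault puts in the error body ends up in charm logs; logging `response.status_code` at warning and keeping the body at debug level would be more conservative. If the underlying client is configured to raise on error statuses (not visible in this hunk), those exceptions would bypass this check and reach callers as a type other than `VaultClientError`.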
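--- a/lib/charms/vault_k8s/v0/vault_helpers.py
+++ b/lib/charms/vault_k8s/v0/vault_helpers.py
@@ -0,0 +1,117 @@
+"""This library contains helper function used when configuring the Vault service."""
+
+import logging
+from typing import Dict, List
+
+import hcl
+from charms.vault_k8s.v0.vault_managers import AutounsealConfigurationDetails
+from jinja2 import Environment, FileSystemLoader
+
+# The unique Charmhub library identifier, never change it
+LIBID = "92129fe159114cf699a24f2e252795a0"
+
+# Increment this major API version when introducing breaking changes
+LIBAPI = 0
+
+# Increment this PATCH version before using `charmcraft publish-lib` or reset
+# to 0 if you are raising the major API version
+LIBPATCH = 1
+
+logger = logging.getLogger(__name__)
+
+
+def common_name_config_is_valid(common_name: str) -> bool:
+"""Return whether the config value for the common name is valid."""
+return common_name != ""
+
+
+def render_vault_config_file(
+config_template_path: str,
+config_template_name: str,
+default_lease_ttl: str,
+max_lease_ttl: str,
+cluster_address: str,
+api_address: str,
+tls_cert_file: str,
+tls_key_file: str,
+tcp_address: str,
+raft_storage_path: str,
+node_id: str,
+retry_joins: List[Dict[str, str]],
+autounseal_details: AutounsealConfigurationDetails | None = None,
+) -> str:
+"""Render the Vault config file."""
+jinja2_environment = Environment(loader=FileSystemLoader(config_template_path))
+template = jinja2_environment.get_template(config_template_name)
+content = template.render(
+default_lease_ttl=default_lease_ttl,
+max_lease_ttl=max_lease_ttl,
+cluster_address=cluster_address,
+api_address=api_address,
+tls_cert_file=tls_cert_file,
+tls_key_file=tls_key_file,
+tcp_address=tcp_address,
+raft_storage_path=raft_storage_path,
+node_id=node_id,
+retry_joins=retry_joins,
+autounseal_address=autounseal_details.address if autounseal_details else None,
+autounseal_key_name=autounseal_details.key_name if autounseal_details else None,
+autounseal_mount_path=autounseal_details.mount_path if autounseal_details else None,
+autounseal_token=autounseal_details.token if autounseal_details else None,
+autounseal_tls_ca_cert=autounseal_details.ca_cert_path if autounseal_details else None,
+)
+return content
+
+
+def seal_type_has_changed(content_a: str, content_b: str) -> bool:
+"""Check if the seal type has changed between two versions of the Vault configuration file.
+Currently only checks if the transit stanza is present or not, since this
+is all we support. This function will need to be extended to support
+alternate cases if and when we support them.
+"""
+config_a = hcl.loads(content_a)
+config_b = hcl.loads(content_b)
+return _contains_transit_stanza(config_a) != _contains_transit_stanza(config_b)
+
+
+def _contains_transit_stanza(config: dict) -> bool:
+return "seal" in config and "transit" in config["seal"]
+
+
+def config_file_content_matches(existing_content: str, new_content: str) -> bool:
+"""Return whether two Vault config file contents match.
+We check if the retry_join addresses match, and then we check if the rest of the config
+file matches.
+Returns:
+bool: Whether the vault config file content matches
+"""
+existing_config_hcl = hcl.loads(existing_content)
+new_content_hcl = hcl.loads(new_content)
+if not existing_config_hcl:
+logger.info("Existing config file is empty")
+return existing_config_hcl == new_content_hcl
+if not new_content_hcl:
+logger.info("New config file is empty")
+return existing_config_hcl == new_content_hcl
+
+new_retry_joins = new_content_hcl["storage"]["raft"].pop("retry_join", [])
+existing_retry_joins = existing_config_hcl["storage"]["raft"].pop("retry_join", [])
+
+# If there is only one retry join, it is a dict
+if isinstance(new_retry_joins, dict):
+new_retry_joins = [new_retry_joins]
+if isinstance(existing_retry_joins, dict):
+existing_retry_joins = [existing_retry_joins]
+
+new_retry_join_api_addresses = {address["leader_api_addr"] for address in new_retry_joins}
+existing_retry_join_api_addresses = {
+address["leader_api_addr"] for address in existing_retry_joins
+}
+
+return (
+new_retry_join_api_addresses == existing_retry_join_api_addresses
+and new_content_hcl == existing_config_hcl
+)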
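Review bot: `config_file_content_matches` indexes `new_content_hcl["storage"]["raft"]` and `existing_config_hcl["storage"]["raft"]` without a guard, so a non-empty config that lacks a raft storage stanza, or a retry_join entry without `leader_api_addr`, raises `KeyError` instead of returning `False`; `hcl.loads` may likewise raise on content that does not parse. The existing content is presumably read back from the workload, so using `.get("storage", {}).get("raft", {}).pop("retry_join", [])` on both sides and `address.get("leader_api_addr")` in the two set comprehensions would turn an unexpected file into a plain mismatch rather than an unhandled exception. Separately, `render_vault_config_file` passes `autounseal_details.token` into the template, so its docstring should state that the returned string may contain the auto-unseal token and must not be logged.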