[DPE-5965] - Set private key with juju secrets #29

Merged
merged 68 commits into from
Feb 6, 2025
Changes from 66 commits
Commits
21a339c
fetched lib and added interface in metadata
skourta Nov 26, 2024
9ed03f5
added dependencies for the tls lib
skourta Nov 26, 2024
8d75058
added etcdpaths dataclass
skourta Nov 26, 2024
ea586d1
feat: turn on TLS
skourta Dec 17, 2024
14d012b
feat: turn off TLS
skourta Dec 17, 2024
705a9ac
add some unit tests and fix failing unit test for the charm
skourta Jan 6, 2025
d6475d7
fix typo
skourta Jan 6, 2025
949302a
remove unneeded deps in charmcraft.yaml and update poetry.lock
skourta Jan 6, 2025
ac355e6
add integration tests
skourta Jan 7, 2025
7b76812
added rolling ops to handle activating and deactivating tls
skourta Jan 8, 2025
1ee73df
enhanced docstrings
skourta Jan 8, 2025
7c81778
fixed enabling tls on cluster creation
skourta Jan 8, 2025
ea43909
fixed unit tests and tweaked integration tests
skourta Jan 8, 2025
d07de5d
use 3 units instead of 2 in tls integration tests
skourta Jan 8, 2025
d3203e5
fixed based on feedback
skourta Jan 9, 2025
cd3c4e8
couple of fixes based on feedback
skourta Jan 10, 2025
dd67d30
added more unit tests
skourta Jan 10, 2025
fe70bdd
implementing Mehdi feedback
skourta Jan 13, 2025
a1a3b19
fix tests based on feedback
skourta Jan 13, 2025
c02245c
implement feedback for path handling
skourta Jan 13, 2025
d72956c
fixed misuse of tenacity
skourta Jan 13, 2025
5a889e6
fix updating certs
skourta Jan 13, 2025
9937fd4
rework to enable single TLS type activation
skourta Jan 15, 2025
a901a02
update tests
skourta Jan 15, 2025
8b106ef
go from kebab to snake case for relation data
skourta Jan 15, 2025
db2e97f
fix typo
skourta Jan 15, 2025
193a88e
add logging messaging and some tests
skourta Jan 15, 2025
a209912
reformat
skourta Jan 15, 2025
ec3f188
type and bug fix in test
skourta Jan 15, 2025
c3a9d96
added unit test for certificate expiration
skourta Jan 15, 2025
0c0c640
Merge branch 'main' into DPE-5962-tls-implement-basic-flow
skourta Jan 15, 2025
6e360cd
reformat files
skourta Jan 15, 2025
ca527c3
Merge main and necessary fixes
skourta Jan 16, 2025
4b95552
Merge branch 'main' into DPE-5962-tls-implement-basic-flow
skourta Jan 16, 2025
a5f7988
updated tls_certificates library
skourta Jan 16, 2025
daa5184
remove comment in tests and fix scale up with TLS
skourta Jan 17, 2025
753c65e
remove comments
skourta Jan 17, 2025
0253661
Merge branch 'main' into DPE-5962-tls-implement-basic-flow
skourta Jan 17, 2025
032fbe0
feedback fixes
skourta Jan 17, 2025
2e3f19b
feedback fixes
skourta Jan 20, 2025
402f5ae
set private key using juju secrets
skourta Jan 21, 2025
5eb04db
Use stage instead of prime in charmcraft files part (#27)
carlcsaposs-canonical Jan 22, 2025
8f6853d
switched to one private key and added integration test
skourta Jan 24, 2025
f75ade7
Merge branch 'main' into DPE-5965-private-keys-juju-secrets
skourta Jan 24, 2025
3692dba
[DPE-6075] Make continuous writes independent of specific units (#19)
reneradoi Jan 24, 2025
0f7b9cb
add unit test
skourta Jan 24, 2025
ab08b43
Merge branch 'main' into DPE-5965-private-keys-juju-secrets
skourta Jan 24, 2025
17655db
fix integration test after merge
skourta Jan 24, 2025
9481d6b
updated .gitignore
skourta Jan 24, 2025
6afe984
add marks to the set private key test
skourta Jan 24, 2025
355fcee
bring num of units back to 3
skourta Jan 24, 2025
169f042
[DPE-5966] Implement CA rotation (#26)
skourta Jan 27, 2025
01f2c15
Merge branch 'main' into DPE-5965-private-keys-juju-secrets
skourta Jan 27, 2025
537c434
enhance unit test coverage
skourta Jan 28, 2025
739bd92
updated snap lib
skourta Jan 28, 2025
3a01649
use 2 config options
skourta Jan 29, 2025
43fc4b6
add TLS prefix to status
skourta Jan 29, 2025
b0c680e
add status blocked on secret not found and assertions on it in unit t…
skourta Jan 30, 2025
9e10954
[DPE-5968] integration tests helpers (#31)
skourta Jan 30, 2025
2482b30
upgrade lib from fork
skourta Feb 5, 2025
d943dd3
add checks on client/peer secret not changing when the other changes
skourta Feb 5, 2025
8edab7e
Merge branch '3.5/edge' into DPE-5965-private-keys-juju-secrets
skourta Feb 5, 2025
97ecb74
added TODO comment
skourta Feb 5, 2025
0f86fea
update dp interfaces
skourta Feb 5, 2025
624b8ad
fix flakey unit test
skourta Feb 5, 2025
14b6c0c
remove build charm
skourta Feb 5, 2025
419bc44
fix typo
skourta Feb 6, 2025
06aefe2
add empty line in config.yaml
skourta Feb 6, 2025
5 changes: 5 additions & 0 deletions .gitignore
Expand Up @@ -7,3 +7,8 @@ __pycache__/
*.py[cod]
.idea
.vscode/
etcd-v3.4.35-linux-amd64*
last_written_value
client.pem
client.key
client_ca.pem
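Review bot: The new `client.pem`, `client.key` and `client_ca.pem` entries are bare file names, so only those exact names are ignored; key or certificate material generated locally under any other name would still appear as untracked and could be committed by accident. Consider ignoring by extension (`*.key`, `*.pem`) or writing all generated TLS material into one ignored directory. Separately, `etcd-v3.4.35-linux-amd64*` pins a version and stops matching as soon as a different etcd release is downloaded; `etcd-v*-linux-amd64*` would not need updating.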
12 changes: 11 additions & 1 deletion config.yaml
Expand Up @@ -8,4 +8,14 @@ options:
Configure the internal system user and it's password. The password will
be auto-generated if this option is not set. It is for internal use only
and SHOULD NOT be used by applications. This needs to be a Juju Secret URI pointing
to a secret that contains the following content: `root: <password>`.
to a secret that contains the following content: `root: <password>`.

tls-peer-private-key:
type: secret
description: |
A Juju secret URI of a secret containing the private key for peer-to-peer TLS certificates.

tls-client-private-key:
type: secret
description: |
A Juju secret URI of a secret containing the private key for server-to-client TLS certificates.
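Review bot: The descriptions of `tls-peer-private-key` and `tls-client-private-key` do not say what the secret must contain, whereas the option just above spells out its expected content (`root: <password>`). Please document the key name the charm reads from the secret and the expected format of the value (for example PEM, and whether it must be base64-encoded), and state what happens when the option is left unset. Without that an operator has to read the charm code to build a secret the charm will accept.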
5 changes: 2 additions & 3 deletions lib/charms/data_platform_libs/v0/data_interfaces.py
Expand Up @@ -331,7 +331,7 @@ def _on_topic_requested(self, event: TopicRequestedEvent):

# Increment this PATCH version before using `charmcraft publish-lib` or reset
# to 0 if you are raising the major API version
LIBPATCH = 40
LIBPATCH = 41

PYDEPS = ["ops>=2.0.0"]

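Review bot: `LIBPATCH = 41` is changed in a file under `lib/charms/`, and the comment above it ties that number to `charmcraft publish-lib`. Please confirm this copy is the published revision 41 pulled in unmodified rather than a local edit, so the vendored library can be refreshed later without silently dropping changes.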
Expand Down Expand Up @@ -609,7 +609,7 @@ def get_group(self, group: str) -> Optional[SecretGroup]:
class CachedSecret:
"""Locally cache a secret.

The data structure is precisely re-using/simulating as in the actual Secret Storage
The data structure is precisely reusing/simulating as in the actual Secret Storage
"""

KNOWN_MODEL_ERRORS = [MODEL_ERRORS["no_label_and_uri"], MODEL_ERRORS["owner_no_refresh"]]
Expand Down Expand Up @@ -2363,7 +2363,6 @@ def _update_relation_data(self, relation: Relation, data: Dict[str, str]) -> Non
def _delete_relation_data(self, relation: Relation, fields: List[str]) -> None:
"""Delete data available (directily or indirectly -- i.e. secrets) from the relation for owner/this_app."""
if self.secret_fields and self.deleted_label:

_, normal_fields = self._process_secret_fields(
relation,
self.secret_fields,
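Review bot: The docstring of `_delete_relation_data` still reads "directily" on the line two above the removed blank line. Since this hunk is whitespace-only cleanup anyway, fix it to "directly" in the upstream library so the next refresh carries the correction.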