68 lines
2.0 KiB
Python
68 lines
2.0 KiB
Python
from charmhelpers.core import hookenv, host
|
|
from charms.reactive import when_all, when_not, set_flag, clear_flag
|
|
from charms.reactive import endpoint_from_flag, register_trigger
|
|
from charms.reactive import data_changed
|
|
|
|
from charms.layer import vault_kv
|
|
|
|
|
|
register_trigger(when_not="vault-kv.connected", clear_flag="layer.vault-kv.ready")
|
|
register_trigger(when_not="vault-kv.connected", clear_flag="layer.vault-kv.requested")
|
|
|
|
|
|
@when_all("vault-kv.connected")
|
|
@when_not("layer.vault-kv.requested")
|
|
def request_vault_access():
|
|
vault = endpoint_from_flag("vault-kv.connected")
|
|
backend_name = vault_kv._get_secret_backend()
|
|
# backend can't be isolated or VaultAppKV won't work; see issue #2
|
|
vault.request_secret_backend(backend_name, isolated=False)
|
|
set_flag("layer.vault-kv.requested")
|
|
|
|
|
|
@when_all("vault-kv.available")
|
|
def set_ready():
|
|
try:
|
|
vault_kv.get_vault_config()
|
|
except vault_kv.VaultNotReady:
|
|
clear_flag("layer.vault-kv.ready")
|
|
else:
|
|
set_flag("layer.vault-kv.ready")
|
|
|
|
|
|
@when_all("layer.vault-kv.ready")
|
|
def check_config_changed():
|
|
try:
|
|
config = vault_kv.get_vault_config()
|
|
except vault_kv.VaultNotReady:
|
|
return
|
|
else:
|
|
if data_changed("layer.vault-kv.config", config):
|
|
set_flag("layer.vault-kv.config.changed")
|
|
|
|
|
|
def manage_app_kv_flags():
|
|
try:
|
|
app_kv = vault_kv.VaultAppKV()
|
|
for key in app_kv.keys():
|
|
app_kv._manage_flags(key)
|
|
except vault_kv.VaultNotReady:
|
|
vault_kv.VaultAppKV._clear_all_flags()
|
|
|
|
|
|
def update_app_kv_hashes():
|
|
try:
|
|
app_kv = vault_kv.VaultAppKV()
|
|
if app_kv.any_changed():
|
|
if hookenv.is_leader():
|
|
# force hooks to run on non-leader units
|
|
hookenv.leader_set({"vault-kv-nonce": host.pwgen(8)})
|
|
# Update the local unit hashes at successful exit
|
|
app_kv.update_hashes()
|
|
except vault_kv.VaultNotReady:
|
|
return
|
|
|
|
|
|
hookenv.atstart(manage_app_kv_flags)
|
|
hookenv.atexit(update_app_kv_hashes)
|