95 lines
3.9 KiB
Python
95 lines
3.9 KiB
Python
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
from charms.reactive import is_flag_set, toggle_flag, clear_flag
|
|
from charms.reactive import Endpoint
|
|
from charmhelpers import core as ch_core
|
|
|
|
|
|
class VaultKVProvides(Endpoint):
|
|
def manage_flags(self):
|
|
any_fields_changed = False
|
|
for field in ('access_address',
|
|
'secret_backend',
|
|
'hostname',
|
|
'isolated'):
|
|
flag = self.expand_name('endpoint.{endpoint_name}.'
|
|
'changed.{}').format(field)
|
|
any_fields_changed = any_fields_changed or is_flag_set(flag)
|
|
clear_flag(flag)
|
|
toggle_flag(self.expand_name('{endpoint_name}.connected'),
|
|
self.is_joined)
|
|
toggle_flag(self.expand_name('endpoint.{endpoint_name}.new-request'),
|
|
any_fields_changed)
|
|
|
|
def publish_url(self, vault_url, remote_binding=None):
|
|
""" Publish URL for Vault to all Relations
|
|
|
|
:param vault_url: api url used by remote client to speak to vault.
|
|
:param remote_binding: Deprecated
|
|
"""
|
|
if remote_binding:
|
|
ch_core.hookenv.log(
|
|
"Use of remote_binding in publish_url is deprecated. "
|
|
"See LP Bug #1895185", "WARNING")
|
|
for relation in self.relations:
|
|
relation.to_publish['vault_url'] = vault_url
|
|
|
|
def publish_ca(self, vault_ca):
|
|
""" Publish SSL CA for Vault to all Relations """
|
|
for relation in self.relations:
|
|
relation.to_publish['vault_ca'] = vault_ca
|
|
|
|
def get_remote_unit_name(self, unit):
|
|
"""Get the remote units name.
|
|
|
|
:param unit: Unit to get name for.
|
|
:type name: Unit
|
|
:returns: Unit name
|
|
:rtype: str
|
|
"""
|
|
return unit.received.get('unit_name') or unit.unit_name
|
|
|
|
def set_role_id(self, unit, role_id, token):
|
|
""" Set the AppRole ID and token for out-of-band Secret ID retrieval
|
|
for a specific remote unit """
|
|
# for cmr we will need to the other end to provide their unit name
|
|
# expicitly.
|
|
unit_name = self.get_remote_unit_name(unit)
|
|
unit.relation.to_publish['{}_role_id'.format(unit_name)] = role_id
|
|
unit.relation.to_publish['{}_token'.format(unit_name)] = token
|
|
|
|
def requests(self):
|
|
""" Retrieve full set of setup requests from all remote units """
|
|
requests = []
|
|
for relation in self.relations:
|
|
for unit in relation.units:
|
|
access_address = unit.received['access_address']
|
|
ingress_address = unit.received['ingress-address']
|
|
secret_backend = unit.received['secret_backend']
|
|
hostname = unit.received['hostname']
|
|
isolated = unit.received['isolated']
|
|
unit_name = self.get_remote_unit_name(unit)
|
|
if not (secret_backend and access_address and
|
|
hostname and isolated is not None):
|
|
continue
|
|
requests.append({
|
|
'unit': unit,
|
|
'unit_name': unit_name,
|
|
'access_address': access_address,
|
|
'ingress_address': ingress_address,
|
|
'secret_backend': secret_backend,
|
|
'hostname': hostname,
|
|
'isolated': isolated,
|
|
})
|
|
return requests
|