from charmhelpers.core import hookenv, host
from charms.reactive import when_all, when_not, set_flag, clear_flag
from charms.reactive import endpoint_from_flag, register_trigger
from charms.reactive import data_changed
from charms.layer import vault_kv
# When 'vault-kv.connected' is no longer set, also drop the two flags this
# layer derives from it. Clearing 'layer.vault-kv.requested' re-arms
# request_vault_access() for the next connection, and clearing
# 'layer.vault-kv.ready' stops handlers gated on it from running against a
# relation that has gone away.
register_trigger(when_not='vault-kv.connected',
                 clear_flag='layer.vault-kv.ready')
register_trigger(when_not='vault-kv.connected',
                 clear_flag='layer.vault-kv.requested')
@when_all('vault-kv.connected')
@when_not('layer.vault-kv.requested')
def request_vault_access():
    """Ask Vault for this charm's secret backend, once per connection.

    Runs while 'vault-kv.connected' is set and 'layer.vault-kv.requested' is
    not. Setting the latter at the end keeps the request from being re-sent
    on later hook invocations.
    """
    endpoint = endpoint_from_flag('vault-kv.connected')
    # backend can't be isolated or VaultAppKV won't work; see issue #2
    # NOTE(review): with isolated=False the backend is presumably shared
    # rather than partitioned per unit, so anything written to it should be
    # treated as readable by every unit granted this backend -- confirm
    # against the vault-kv interface before storing unit-private secrets.
    endpoint.request_secret_backend(vault_kv._get_secret_backend(),
                                    isolated=False)
    set_flag('layer.vault-kv.requested')
@when_all('vault-kv.available')
def set_ready():
    """Mirror Vault config availability into 'layer.vault-kv.ready'.

    The config is fetched only to learn whether it can be fetched; the
    returned value is discarded. VaultNotReady clears the flag, and any
    other outcome sets it.
    """
    ready_flag = 'layer.vault-kv.ready'
    try:
        vault_kv.get_vault_config()
    except vault_kv.VaultNotReady:
        # Do not leave consumers believing usable credentials exist.
        clear_flag(ready_flag)
        return
    set_flag(ready_flag)
@when_all('layer.vault-kv.ready')
def check_config_changed():
    """Set 'layer.vault-kv.config.changed' when the Vault config differs.

    Does nothing if the config cannot be fetched (VaultNotReady). Nothing in
    this file clears the flag again; presumably the consuming charm is
    expected to clear it once it has reacted -- confirm against the layer's
    documentation.
    """
    try:
        current = vault_kv.get_vault_config()
    except vault_kv.VaultNotReady:
        return
    # data_changed() is expected to compare against what it recorded under
    # this key on an earlier call and to record the new value as it goes.
    if not data_changed('layer.vault-kv.config', current):
        return
    set_flag('layer.vault-kv.config.changed')
def manage_app_kv_flags():
    """Refresh the per-key flags of the application KV store.

    Registered with hookenv.atstart in this module. If Vault is not ready,
    whether when the store is built or while its keys are walked, all of
    the store's flags are cleared instead, so handlers do not act on flags
    left over from an earlier hook.
    """
    try:
        store = vault_kv.VaultAppKV()
        for name in store.keys():
            store._manage_flags(name)
    except vault_kv.VaultNotReady:
        vault_kv.VaultAppKV._clear_all_flags()
def update_app_kv_hashes():
    """Record the application KV hashes at hook exit; the leader nudges peers.

    Registered with hookenv.atexit in this module. If Vault is not ready the
    function returns without recording anything.
    """
    # NOTE(review): the listing this was recovered from had lost its
    # indentation; update_hashes() is placed after the leader check (run on
    # every unit) -- confirm against upstream.
    try:
        app_kv = vault_kv.VaultAppKV()
        if hookenv.is_leader() and app_kv.any_changed():
            # force hooks to run on non-leader units
            # The nonce is only a change marker, not a credential: leader
            # settings are presumably readable by every unit of the
            # application, so nothing secret should be derived from this key.
            hookenv.leader_set({'vault-kv-nonce': host.pwgen(8)})
        app_kv.update_hashes()
    except vault_kv.VaultNotReady:
        return
# Hook lifecycle callbacks, registered at import time rather than through
# reactive flags: the app KV flags are refreshed at hook start and the hashes
# are recorded at hook exit.
hookenv.atstart(manage_app_kv_flags)
hookenv.atexit(update_app_kv_hashes)