[DPE-3654] Peer cluster data stored in a secret #463

Merged
merged 18 commits into from
Jan 23, 2025
13 changes: 6 additions & 7 deletions .github/workflows/ci.yaml
Expand Up @@ -9,7 +9,7 @@ concurrency:
on:
pull_request:
schedule:
- cron: '53 0 * * *' # Daily at 00:53 UTC
- cron: "53 0 * * *" # Daily at 00:53 UTC
# Triggered on push to branch "main" by .github/workflows/release.yaml
workflow_call:
outputs:
Expand Down Expand Up @@ -111,7 +111,6 @@ jobs:
TF_VAR_model_name="test" terraform apply -target null_resource.simple_deployment_juju_wait_deployment -auto-approve
popd


lib-check:
name: Check libraries
runs-on: ubuntu-22.04
Expand All @@ -127,7 +126,7 @@ jobs:
- name: Check libs
uses: canonical/charming-actions/check-libraries@2.4.0
with:
charmcraft-channel: latest/candidate # TODO: remove after charmcraft 3.3 stable release
charmcraft-channel: latest/candidate # TODO: remove after charmcraft 3.3 stable release
credentials: ${{ secrets.CHARMHUB_TOKEN }}
github-token: ${{ secrets.GITHUB_TOKEN }}
use-labels: false
Expand All @@ -139,11 +138,11 @@ jobs:
fail-fast: false
matrix:
path:
- .
- ./tests/integration/relations/opensearch_provider/application-charm/
- .
- ./tests/integration/relations/opensearch_provider/application-charm/
uses: canonical/data-platform-workflows/.github/workflows/build_charm.yaml@v29.0.0
with:
charmcraft-snap-channel: latest/candidate # TODO: remove after charmcraft 3.3 stable release
charmcraft-snap-channel: latest/candidate # TODO: remove after charmcraft 3.3 stable release
path-to-charm-directory: ${{ matrix.path }}

integration-test:
Expand All @@ -154,7 +153,7 @@ jobs:
- build
uses: canonical/data-platform-workflows/.github/workflows/integration_test_charm.yaml@v29.0.0
with:
juju-agent-version: 3.6.1 # renovate: juju-agent-pin-minor
juju-agent-version: 3.6.1 # renovate: juju-agent-pin-minor
_beta_allure_report: true
artifact-prefix: ${{ needs.build.outputs.artifact-prefix }}
cloud: lxd
64 changes: 63 additions & 1 deletion lib/charms/opensearch/v0/opensearch_peer_clusters.py
Expand Up @@ -2,14 +2,18 @@
# See LICENSE file for licensing details.

"""Class for Managing simple or large deployments and configuration related changes."""
import json
import logging
from datetime import datetime
from typing import TYPE_CHECKING, List, Literal, Optional

from charms.opensearch.v0.constants_charm import (
AdminUser,
CMRoleRemovalForbidden,
CmVoRolesProvidedInvalid,
COSUser,
DataRoleRemovalForbidden,
KibanaserverUser,
PClusterNoRelation,
PClusterWrongNodesCountForQuorum,
PClusterWrongRelation,
Expand Down Expand Up @@ -528,7 +532,7 @@ def rel_data(self) -> Optional[PeerClusterRelData]:
if not (data := rel.data[rel.app].get("data")):
return None

return PeerClusterRelData.from_str(data)
return self.rel_data_from_str(data)

def _pre_validate_roles_change(self, new_roles: List[str], prev_roles: List[str]):
"""Validate that the config changes of roles are allowed to happen."""
Expand Down Expand Up @@ -590,3 +594,61 @@ def _deployment_type(config: PeerClusterConfig, start_mode: StartMode) -> Deploy
if not config.init_hold
else DeploymentType.FAILOVER_ORCHESTRATOR
)

def rel_data_from_str(self, redacted_dict_str: str) -> PeerClusterRelData:
"""Construct the peer cluster rel data from the secret data."""
content = json.loads(redacted_dict_str)
credentials = content["credentials"]

credentials["admin_password"] = (
self._charm.model.get_secret(id=credentials["admin_password"])
.get_content()
.get(self._charm.secrets.password_key(AdminUser))
)

credentials["admin_password_hash"] = (
self._charm.model.get_secret(id=credentials["admin_password_hash"])
.get_content()
.get(self._charm.secrets.hash_key(AdminUser))
)

credentials["kibana_password"] = (
self._charm.model.get_secret(id=credentials["kibana_password"])
.get_content()
.get(self._charm.secrets.password_key(KibanaserverUser))
)

credentials["kibana_password_hash"] = (
self._charm.model.get_secret(id=credentials["kibana_password_hash"])
.get_content()
.get(self._charm.secrets.hash_key(KibanaserverUser))
)

if "monitor_password" in credentials:
credentials["monitor_password"] = (
self._charm.model.get_secret(id=credentials["monitor_password"])
.get_content()
.get(self._charm.secrets.password_key(COSUser))
)

if "admin_tls" in credentials:
credentials["admin_tls"] = self._charm.model.get_secret(
id=credentials["admin_tls"]
).get_content()

if (
"s3" in credentials
and credentials["s3"].get("access-key")
and credentials["s3"].get("secret-key")
):
credentials["s3"]["access-key"] = (
self._charm.model.get_secret(id=credentials["s3"]["access-key"])
.get_content()
.get("s3-access-key")
)
credentials["s3"]["secret-key"] = (
self._charm.model.get_secret(id=credentials["s3"]["secret-key"])
.get_content()
.get("s3-secret-key")
)
return PeerClusterRelData.from_dict(content)
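Review bot: In `rel_data_from_str`, every credential is resolved with `.get_content().get(<key>)`, so a secret that lacks the expected field yields `None`, and that `None` is handed to `PeerClusterRelData.from_dict` as a password or hash without any error. The same lookup is repeated for each field and `get_secret(id=...)` is unguarded, so a secret that is not yet granted or has been removed would presumably raise out of the `rel_data` property, which otherwise returns `None` when the data is missing. I would move the lookup into one private helper that fails explicitly on a missing field and names only the field, never the content, as sketched below. It is also worth confirming that `get_content()` without `refresh=True` is intended; unless rotation is handled elsewhere through a secret-changed handler, the consumer keeps reading the revision it first saw. The class that holds this method lies outside the section shown.

```python
def _secret_value(self, secret_id: str, key: str) -> str:
    """Return one field of a Juju secret, failing loudly when it is absent."""
    value = self._charm.model.get_secret(id=secret_id).get_content().get(key)
    if value is None:
        # Report which field is missing; never include the secret content.
        raise KeyError(f"field {key!r} missing from peer-cluster secret")
    return value

def rel_data_from_str(self, redacted_dict_str: str) -> PeerClusterRelData:
    content = json.loads(redacted_dict_str)
    credentials = content["credentials"]
    credentials["admin_password"] = self._secret_value(
        credentials["admin_password"], self._charm.secrets.password_key(AdminUser)
    )
    # … unchanged: remaining credential fields resolved the same way, then from_dict(content) …
```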