charm-k8s-ingress

Merge ~mthaddon/charm-k8s-ingress/+git/charm-k8s-ingress:prompt-for-trust into charm-k8s-ingress:master

  1. Git
  2. lp:~mthaddon/charm-k8s-ingress/+git/charm-k8s-ingress
  3. prompt-for-trust
  4. Merge into master
Proposed by Tom Haddon
Status: Merged
Approved by: Jon Seager
Approved revision: fd1c492dac14743a05a6aae3fb4d4a22dcfa25c1
Merged at revision: 62135286c86ac0517c406210ce4c288262d4e9f6
Proposed branch: ~mthaddon/charm-k8s-ingress/+git/charm-k8s-ingress:prompt-for-trust
Merge into: charm-k8s-ingress:master
Diff against target: 72 lines (+37/-6)
2 files modified
src/charm.py (+23/-6)
tests/unit/test_charm.py (+14/-0)
Reviewer Review Type Date Requested Status
🤖 prod-jenkaas-is (community) continuous-integration Approve
ingress-charmers Pending
Review via email: mp+403041@code.launchpad.net

Commit message

Handle a permissions error from the k8s api, and prompt the user to run juju trust

To post a comment you must log in.
Revision history for this message
🤖 prod-jenkaas-is (prod-jenkaas-is) wrote :

A CI job is currently in progress. A follow up comment will be added when it completes.

Revision history for this message
🤖 prod-jenkaas-is (prod-jenkaas-is) wrote :

PASSED: Continuous integration, rev:fd1c492dac14743a05a6aae3fb4d4a22dcfa25c1
https://jenkins.canonical.com/is/job/lp-charm-k8s-ingress-ci/50/
Executed test runs:
    SUCCESS: https://jenkins.canonical.com/is/job/lp-charm-test/100/
    None: https://jenkins.canonical.com/is/job/lp-update-mp/170644/

Click here to trigger a rebuild:
https://jenkins.canonical.com/is/job/lp-charm-k8s-ingress-ci/50//rebuild

review: Approve (continuous-integration)
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Revision history for this message
John A Meinel (jameinel) wrote :

I definitely appreciate the idea of going into Blocked with a nice message rather than just failing.
Small tweak to the message which has a typo.

Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

Change successfully merged at revision 62135286c86ac0517c406210ce4c288262d4e9f6

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/src/charm.py b/src/charm.py
2index 4716bba..8c3560e 100755
3--- a/src/charm.py
4+++ b/src/charm.py
5@@ -14,7 +14,7 @@ from charms.nginx_ingress_integrator.v0.ingress import (
6 )
7 from ops.charm import CharmBase
8 from ops.main import main
9-from ops.model import ActiveStatus
10+from ops.model import ActiveStatus, BlockedStatus
11
12
13 logger = logging.getLogger(__name__)
14@@ -371,11 +371,28 @@ class NginxIngressCharm(CharmBase):
15 # We only want to do anything here if we're the leader to avoid
16 # collision if we've scaled out this application.
17 if self.unit.is_leader() and self._service_name:
18- self._define_service()
19- self._define_ingress()
20- # It's not recommended to do this via ActiveStatus, but we don't
21- # have another way of reporting status yet.
22- msg = "Ingress with service IP(s): {}".format(", ".join(self._report_service_ips()))
23+ try:
24+ self._define_service()
25+ self._define_ingress()
26+ # It's not recommended to do this via ActiveStatus, but we don't
27+ # have another way of reporting status yet.
28+ msg = "Ingress with service IP(s): {}".format(
29+ ", ".join(self._report_service_ips())
30+ )
31+ except kubernetes.client.exceptions.ApiException as e:
32+ if e.status == 403:
33+ logger.error(
34+ "Insufficient permissions to create the k8s service, "
35+ "will request `juju trust` to be run"
36+ )
37+ self.unit.status = BlockedStatus(
38+ "Insufficuent permissions, try: `juju trust {} --scope=cluster`".format(
39+ self.app.name
40+ )
41+ )
42+ return
43+ else:
44+ raise
45 self.unit.status = ActiveStatus(msg)
46
47
48diff --git a/tests/unit/test_charm.py b/tests/unit/test_charm.py
49index 0e94711..ffd1aaa 100644
50--- a/tests/unit/test_charm.py
51+++ b/tests/unit/test_charm.py
52@@ -60,6 +60,20 @@ class TestCharm(unittest.TestCase):
53 # Confirm status is as expected.
54 self.assertEqual(self.harness.charm.unit.status, ActiveStatus())
55
56+ # Confirm if we get a 403 error from k8s API we block with an appropriate message.
57+ _define_ingress.reset_mock()
58+ _define_service.reset_mock()
59+ _define_service.side_effect = kubernetes.client.exceptions.ApiException(status=403)
60+ self.harness.set_leader(True)
61+ self.harness.update_config()
62+ self.assertEqual(
63+ self.harness.charm.unit.status,
64+ BlockedStatus(
65+ "Insufficuent permissions, try: "
66+ "`juju trust nginx-ingress-integrator --scope=cluster`"
67+ ),
68+ )
69+
70 def test_get_ingress_relation_data(self):
71 """Test for getting our ingress relation data."""
72 # Confirm we don't have any relation data yet in the relevant properties

Subscribers

People subscribed via source and target branches

to all changes: