vault-charm:master

Last commit made on 2022-11-25
Get this branch:
git clone -b master https://git.launchpad.net/vault-charm

Branch merges

Branch information

Name:
master
Repository:
lp:vault-charm

Recent commits

0188275... by Tom Haddon

Fix multiline notes and update obsolete add-relation juju command in README

Change-Id: I0326abbfe972062c9807083ebc3e0e80194d60a8

d6789e7... by Corey Bryant

Re-enable cluster tests to osci.yaml

Commit 0b7d04127996bd232e69f54d00e345abbd4bbc0e removed focal
tests and added jammy/kinetic tests in support of the Zed release.
The jammy/kinetic cluster tests weren't added to osci.yaml, so
they are added back in this change.

Remaining focal bundles are also dropped in this change.

Change-Id: Ic53d71bc7ddb25bc6735a2cfe36b78a5d8f30648

0b7d041... by Corey Bryant

Add Kinetic and Zed support

* sync charm-helpers to classic charms
* change openstack-origin/source default to zed
* align testing with zed
* add new zed bundles
* add zed bundles to tests.yaml
* add zed tests to osci.yaml and .zuul.yaml
* update build-on and run-on bases
* add bindep.txt for py310
* sync tox.ini and requirements.txt for ruamel
* use charmcraft_channel 2.0/stable
* drop reactive plugin overrides
* move interface/layer env vars to charmcraft.yaml

Change-Id: I577fff942606ded9885e9ba6f29040ba3fc7fb27

61fdf9c... by Samuel Walladge

Add embedded raft cluster storage support

Add support for using the embedded raft storage and ha storage engine,
and related management actions and config.

Closes-Bug: #1883242

func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/827

Change-Id: I66a9315844ddb67d43e3e1c002073ed315b3b851

9bf2a4c... by Alex Kavanagh

Revert "Implement cert cache for vault units (v2)"

This reverts commit f55055b8783ca6f3f569209b4f82285377f5ac64.

Reason for revert:

This patch breaks when issuing many certificates in large models due to CLI leader-set being overwhelmed: https://bugs.launchpad.net/vault-charm/+bug/1983269

Change-Id: I4854839b5278d1b4db325e44b78b1815b2751728

212d2a7... by Samuel Walladge

Fix use of get_chain

A recent change[1] switched to the newer methods in
hvac 11.2, but unfortunately the semantics between
client.secrets.pki.read_certificate() and client.read() are different,
in that the latter returns None on InvalidPath, whereas the former
allow the exception to bubble up.

This means that for the call sites here, we need to catch InvalidPath,
instead of the TypeError.
The original reason for TypeError was that the function
would end up calling None['key'] if read_certificate failed.

[1]: https://review.opendev.org/c/openstack/charm-vault/+/848205

Change-Id: I46b93457c8a757189802ca2c2cdf31cc9c5a9516

ee32710... by Alex Kavanagh

Fix to is_ca_ready() which used read_role() incorrectly

A recent change (1) switched to the newer methods in
hvac 11.2, but unfortunately the semantics between
client.secrets.pki.read_role() and client.read() are different,
in that the latter returns None on InvalidPath, whereas the former
allow the exception to bubble up.

Also updates tests and fixes a mocking issue on service_reload.

[1] https://review.opendev.org/c/openstack/charm-vault/+/848205

Change-Id: Id3d112104b1aa45b242e402709fb855131d5203e

68fecd9... by Samuel Walladge

Update hvac library to latest version

Update deprecated method calls where possible,
and use new methods instead of lower level read/write calls.

Change-Id: I991435cdf8d36016e75c46823ec47f3290a42fe4

4fccd71... by Samuel Walladge

Reload vault on configure

Always reload reload on configure.
This ensures any certificates changed on disk will be reloaded.
(Such as the tcp listener certificate files.)

Closes-Bug: #1912261
Change-Id: Ic254f38d86c0e8323ed10a2eaa22462797d48605

0da8001... by Zuul <email address hidden>

Merge "Implement cert cache for vault units (v2)"