vault-charm:stable/1.7

Last commit made on 2024-01-10
Get this branch:
git clone -b stable/1.7 https://git.launchpad.net/vault-charm

Branch information

Name:
stable/1.7
Repository:
lp:vault-charm

Recent commits

bbf66ee... by Zuul <email address hidden>

Merge "Fix broken v4 caching due to leader-get asymmetry" into stable/1.7

2fc73db... by Zuul <email address hidden>

Merge "Implement cert cache for vault units (v4)" into stable/1.7

9c32533... by Alex Kavanagh

Fix broken v4 caching due to leader-get asymmetry

leader-get decodes using json, but leader-set just sets the keys. This
wasn't taken into consideration when fetching all the keys to filter for
cached keys when a relation is leaving. This is resolved in this patch.

func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/1153

Change-Id: I2d44ec0c43c1ecffd9ac77a1162ead4e4a01aabe
(cherry picked from commit d925ac756638ed043e33a7b47a2681dfcd8900ce)
(cherry picked from commit 0a18ac23ce295c14789e99f7802efc51438d10aa)

a3ff396... by Martin Kalcok

Implement cert cache for vault units (v4)

This cache is used to store certificates and keys
issued by the leader unit. Non-leader units read
these certificates and keep data in their
"tls-certificates" relations up to date.
This ensures that charm units that receive certs
from vault can read from relation data of any
vault unit and receive correct data.

This patch is mostly the same as
I18aa6c9193379ea454851b6f60a8f331ef88a980
but improved to avoid LP#1896542 by removing
the section where a certificate can be reused
from cache during create_certs.

Co-Authored-By: Rodrigo Barbieri <email address hidden>
Co-Authored-By: Alex Kavanagh <email address hidden>

func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/1153

Closes-Bug: #1940549
Closes-Bug: #1983269
Closes-Bug: #1845961
Related-Bug: #1896542
Change-Id: I0cca13d2042d61ffc6a7c13eccb0ec8c292020c9
(cherry picked from commit 1a1953b0ef23f724e9295505b100eca22ef9a6cd)
(cherry picked from commit 56ca825332964a58961f6df3a1ca52df394f2d2c)

4856a06... by Robert Gildein

Improve snap channel refresh mechanism

- stop vault.service before rephrasing it
- added a warning note that changing the channel config option will
  cause the vault to be sealed

Related-Bug: 2007587
Change-Id: I240ebb4bd14932a6bf95f41da3f2cd7776742266
(cherry picked from commit 9e927889d0e29de919816c315b2c6f5643f53049)

ba1ffbf... by Felipe Reyes

Pin PyYAML<5.4.0

PyYAML fails to build with Cython; this patch pins PyYAML to the latest
version that doesn't use Cython.

Also relax the pinning of charm-tools to allow the use of maintenance
releases.

Related-Bug: #2030789
Change-Id: I5131e6401fced5b509cadf717553fdfcbba07c0a

00a2243... by Alex Kavanagh

Revert "Implement cert cache for vault units (v3)"

This reverts commit acabfa31a7d6dbef20e6a3b5110141dad57cac7c.

Reason for revert:

The bug in [1] caused all the yoga tests to fail in integration testing. Testing with a version of the charm without this commit allowed tests to complete. Thus reverting this until a more complete solution can be found to the original bug(s) [2..4].

[1] https://bugs.launchpad.net/charm-keystone/+bug/2015103
[2] LP #1940549
[3] LP #1983269
[4] LP #1845961

Change-Id: I1a6b0e98917a8160622a80367a250d22eb24d48c

acabfa3... by Martin Kalcok

Implement cert cache for vault units (v3)

This cache is used to store certificates and keys
issued by the leader unit. Non-leader units read
these certificates and keep data in their
"tls-certificates" relations up to date.
This ensures that charm units that receive certs
from vault can read from relation data of any
vault unit and receive correct data.

This patch is mostly the same as
f55055b8783ca6f3f569209b4f82285377f5ac64
but improved to avoid LP#1983269 by breaking
down the cert cache into separate key-value pairs
for each remote unit and avoiding a race-condition
caused by get-csr action. Instead of using
leader-settings, this patch is now using
application data bag provided by a new vault-ha
relation implementation.

Co-Authored-By: Rodrigo Barbieri <email address hidden>

Change-Id: I18aa6c9193379ea454851b6f60a8f331ef88a980
Closes-Bug: #1940549
Closes-Bug: #1983269
Closes-Bug: #1845961
(cherry picked from commit 04a237660b0e1aaa8d35f7c110c8f4fa2c38621d)
(cherry picked from commit 7a8a667a68bdfb1e63a9765fb39badff52ebd694)

be34ad5... by Corey Bryant

Pin tox to < 4.0.0

Tox 4.0.0 was recently released and it has several breaking changes.
We pin to < 4.0.0 here. We are planning to move forward only on the
master charm branches.

Tox is also pinned to < 4.0.0 for stable branches in upstream
openstack-zuul-jobs as well as in zosci-config. However, the
requires= section in the charm's tox.ini file ends up installing
tox>4, wiping out the zuul-pinned tox<4 that was already installed.
This patch fixes that.

Additional changes included in this patch:
- Add bindep.txt to install standard binary dependencies.
- Switch charm-tools to 2.8.4 to remove ruamel requirement that
  doesn't work on Python 3.10.

Related-Bug: #2002788
Change-Id: I00632e7e48f0b9be58f3571cf3596f5ee4036339

8cd82fb... by Zuul <email address hidden>

Merge "Reload vault on configure" into stable/1.7