Last commit made on 2022-08-29
Get this branch:
git clone -b stable/1.7

Branch merges

Branch information


Recent commits

8cd82fb... by Zuul <email address hidden>

Merge "Reload vault on configure" into stable/1.7

820b94d... by Alex Kavanagh

Revert "Implement cert cache for vault units (v2)"

This reverts commit 2ff5f1110ce2013f49fe72cfb3628b97b1b39d26.

Reason for revert:

Reverting cherry-pick as it breaks with large models: See bug:

Change-Id: Ic6e047ef034de79cc171453158bb7bc209f6fbcc

a6779dd... by Samuel Walladge

Reload vault on configure

Always reload reload on configure.
This ensures any certificates changed on disk will be reloaded.
(Such as the tcp listener certificate files.)

Closes-Bug: #1912261
Change-Id: Ic254f38d86c0e8323ed10a2eaa22462797d48605
(cherry picked from commit 4fccd71076c5b7e1e523b711840edb3ee3342776)

2ff5f11... by Martin Kalcok

Implement cert cache for vault units (v2)

This cache is used to store certificates and keys
issued by the leader unit. Non-leader units read
these certificates and keep data in their
"tls-certificates" relations up to date.
This ensures that charm units that receive certs
from vault can read from relation data of any
vault unit and receive correct data.

This patch is the same as
but improved to avoid LP#1970888

(cherry-picked from f55055b8783ca6f3f569209b4f82285377f5ac64)
Change-Id: Ic4dd009cc18c52e1667391b00ebba9928acc5937
Closes-Bug: #1940549
Closes-Bug: #1970888

c2ccd9a... by Alex Kavanagh

Update build.lock for 22.04 cycle

Change-Id: I13983ccbe14914178c163d4080231dcd98323c9a

98db362... by Jeff Hillman

Add action to generate certificate against the PKI.

Created action to utilize the existing
generate_certificate function for on demand
certificates agains the existing vault PKI.

Closes-Bug: #1948837
Change-Id: Ia1a169623c81d6aede7dc52eabd2de94007fde80
(cherry picked from commit d8bfff76e4a907ac8825a95fb2a511f70ef8d868)

946ae6b... by Herve Beraud

Use unittest.mock instead of mock

The mock third party library was needed for mock support in py2
runtimes. Since we now only support py36 and later, we can use the
standard lib unittest.mock module instead.

Note that is used during tests
and he need `mock`, unfortunatelly it doesn't declare `mock` in its
requirements so it retrieve mock from other charm project (cross dependency).
So we depend on charms.openstack first and when
Ib1ed5b598a52375e29e247db9ab4786df5b6d142 will be merged then CI
will pass without errors.

Depends-On: Ib1ed5b598a52375e29e247db9ab4786df5b6d142
Change-Id: I1d7de2bd4d704ffc331fdeacea725e903890f296
(cherry picked from commit 1de27bc18f8879c4782476a8daacbdf0a1cb7077)

110188f... by Felipe Reyes

Register previous vip set for deletion.

When the vip is changed the ones that are no longer present need to be
registered for deletion from pacemaker's configuration. This change
relies on hookenv.config.changed() to determine what vip(s) are no
longer present in the configuration ask hacluster to remove them.

Closes-Bug: #1952363
Change-Id: I7b77cd4f57e1770faf92860ee7846bf480efdb9e
(cherry-picked from commit 2b115c8d488f3c634dc79bfa0af0e46c51f02022)

9962361... by Andy Wu

Report 'Missing CA' if certs relation exist but CA not configured

If vault/leader has certificate relationship with other apps but
root CA is either not configured or cleared by action 'disable-pki',
the status should be set to 'Blocked, Missing CA'

Also add unit test for checking 'missing-CA' status

Closes-Bug: #1940451
Change-Id: I2f0093c0ae6949693f2ad1ea4729b690c932b4b1
(cherry picked from commit 5151d01ee266646ceb579edf1092c994d2ecd42c)

e8f6c76... by Simon D├ęziel

Surround IPv6 addresses with []

Fix typo in tests (s/exmaple/example/g) and add IPv4 and
IPv6 tests URLs.

Signed-off-by: Simon Deziel <email address hidden>
Change-Id: I283f88069371d661535f675cc046b04aec2f3f99
(cherry picked from commit 3742fcbc323fbb0b0621c6f9677763f98eb38c86)