vault-charm:stable/18.11

Last commit made on 2019-04-19
Get this branch:
git clone -b stable/18.11 https://git.launchpad.net/vault-charm

Branch information

Name:
stable/18.11
Repository:
lp:vault-charm

Recent commits

e9ad44b... by OpenDev Sysadmins <email address hidden>

OpenDev Migration Patch

This commit was bulk generated and pushed by the OpenDev sysadmins
as a part of the Git hosting and code review systems migration
detailed in these mailing list posts:

http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003603.html
http://lists.openstack.org/pipermail/openstack-discuss/2019-April/004920.html

Attempts have been made to correct repository namespaces and
hostnames based on simple pattern matching, but it's possible some
were updated incorrectly or missed entirely. Please reach out to us
via the contact information listed at https://opendev.org/ with any
questions you may have.

ef54d89... by Cory Johns

Fix disable and re-enable of PKI secrets engine

Several flags were not being managed properly, and certs were not being
re-issued when PKI was re-enabled.

Conflicts:
  src/actions/actions.py
    Conflicts in pload_signed_csr() and generate_root_ca() from
    (8f490507bce678c9a2d79bff5efb04a852f19118) The order of the patches
    changed which brings small conflicts

Closes-Bug: #1813180
Change-Id: Ifac75028897d22c277750a747f79d4dfedb4f987
(cherry picked from commit 3b947315200f295651eed07f5ca80a65abca459e)

8f8e4bb... by James Page

Correct key name for PKI backend TTL

Switch max-lease-ttl -> max_lease_ttl in line with Vault API
docs to ensure that certs can be issued for more than 30 days.

Existing deployments with PKI enabled will be re-tuned to
set max_lease_ttl to 10 years, correcting any existing PKI
enablement.

Certificates must be re-issued to use the TTL as provided
during upload of the signed CSR for an Intermediate certificate.

For deploys using the internally signed Root CA, the root
CA must be re-generated using the 'disable-pki' and
'generate-root-ca' actions.

Change-Id: I6a771090e320404c605d2170c7915c3c22a3ea2c
Closes-Bug: 1788945
(cherry picked from commit 6f043bb7ca8710dd7c1746297b6f98f743c3499a)

1d10e93... by Cory Johns

Improve Vault startup handling

The `@when_file_changed` decorator is not considered reliable.
Additionally, the way it was being used led to a race condition where
the Vault service might never get started. This also detects and reports
in a better way if Vault fails to start.

Conflicts:
  unit_tests/test_reactive_vault_handlers.py
    A test_tune_pki_backend() test was introduced by
    (6f043bb7ca8710dd7c1746297b6f98f743c3499a). But because of the
    race condition in CI I had to change the order of the patches and
    put that one at the bottom.

Change-Id: If6153377cd516ed8121e09da627905036128a6ec
(cherry picked from commit 102b222fcec550d7b30eb10583887fa212c61eff)

220f0ee... by Vladimir Grevtsev <email address hidden>

Adjusting NRPE script to work with Vault HA and non-SSL Vault

According to Vault docs https://www.vaultproject.io/api/system/health.html,
in standby mode it will return non-200 code by default, causing our current
NRPE script to fail. This change is enforcing Vault to return HTTP 200 for
both active and standby units.

Also, a fix for lp:1813989 is here since Vault is running its healthcheck
interface on loopback interface only using port 8220.

Change-Id: I47a192396ac18b0f3ea1ea60715e150bd841c7cb
Closes-Bug: #1813989
Closes-Bug: #1814323

aee9a3e... by David Ames

Updates for stable branch testing

Update zaza bundles to use stable charms

Change-Id: I49c2bcd7024e86558d5f9d8e56be27562d5a76f7

448a586... by David Ames

Updates for stable branch creation

Set default branch for git review/gerrit.

Switch amulet tests to stable.

Switch to using stable charm-helpers branch.

Change-Id: I5057189f73de882839859ebb5705a0f2d0eaf726

a101591... by Zuul <email address hidden>

Merge "Rebuild for sync charm-helpers"

b5afdc3... by James Page

vault-kv: Add functional test and use KV v1

Add ceph-mon and ceph-osd charms to smoke testing bundle
to ensure coverage of vault-kv relation and associated
secrets storage functionality.

Revert default KV backend to v1; v2 has a slightly different
API so revert default KV backend version to v1.

This resolves an issue with vaultlocker access to stored
keys.

Also pin hvac version to < 0.7.0.

Change-Id: I8ed197aba3f9a42399fd4304b21e2a36e3dd6dca

789a378... by Ryan Beisner

Rebuild for sync charm-helpers

Change-Id: Ib5becf7f9f34c18e82b969d03f76e0c240d23e40