openstack/charm-barbican-vault
Code Issues Proposed changes

Add `kv_mountpoint` to plugin configuration

Browse Source 
Use bus for auto-loading charm modules instead of import.
This commit is contained in:
Frode Nordahl
2018-10-19 10:08:03 +02:00
parent c7ea27cde7
commit 449b85d0b5
3 changed files with 26 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/lib/charm/openstack/barbican_vault.py
View File

@@ -21,3 +21,8 @@ class BarbicanVaultCharm(charms_openstack.charm.OpenStackCharm):
packages = ['python-castellan'] packages = ['python-castellan']
adapters_class = charms_openstack.adapters.OpenStackRelationAdapters adapters_class = charms_openstack.adapters.OpenStackRelationAdapters
@property
def secret_backend_name(self):
"""Build secret backend name from name of the deployed charm."""
return 'charm-' + self.configuration_class().application_name

29
src/reactive/barbican_vault_handlers.py
View File

@@ -16,11 +16,10 @@ import charmhelpers.core as ch_core
import charms.reactive as reactive import charms.reactive as reactive
import charms_openstack.bus
import charms_openstack.charm as charm import charms_openstack.charm as charm
# The charm class is not used by any handlers, but the import needs to be here charms_openstack.bus.discover()
# for ``charms.openstack`` to find the charm instance.
import charm.openstack.barbican_vault as barbican_vault # noqa
# Use the charms.openstack defaults for common states and hooks # Use the charms.openstack defaults for common states and hooks
charm.use_defaults( charm.use_defaults(
@@ -38,7 +37,9 @@ def secret_backend_vault_request():
ch_core.hookenv.log('Requesting access to vault ({})' ch_core.hookenv.log('Requesting access to vault ({})'
.format(secrets_storage.vault_url), .format(secrets_storage.vault_url),
level=ch_core.hookenv.INFO) level=ch_core.hookenv.INFO)
secrets_storage.request_secret_backend('charm-barbican-vault') with charm.provide_charm_instance() as barbican_vault_charm:
secrets_storage.request_secret_backend(
barbican_vault_charm.secret_backend_name)
@reactive.when_all('endpoint.secrets.joined', 'secrets-storage.available') @reactive.when_all('endpoint.secrets.joined', 'secrets-storage.available')
@@ -46,12 +47,14 @@ def plugin_info_barbican_publish():
barbican = reactive.endpoint_from_flag('endpoint.secrets.joined') barbican = reactive.endpoint_from_flag('endpoint.secrets.joined')
secrets_storage = reactive.endpoint_from_flag( secrets_storage = reactive.endpoint_from_flag(
'secrets-storage.available') 'secrets-storage.available')
vault_data = { with charm.provide_charm_instance() as barbican_vault_charm:
'approle_role_id': secrets_storage.unit_role_id, vault_data = {
'approle_secret_id': secrets_storage.unit_token, 'approle_role_id': secrets_storage.unit_role_id,
'vault_url': secrets_storage.vault_url, 'approle_secret_id': secrets_storage.unit_token,
'use_ssl': 'false', # XXX 'vault_url': secrets_storage.vault_url,
} 'kv_mountpoint': barbican_vault_charm.secret_backend_name,
ch_core.hookenv.log('Publishing vault plugin info to barbican', 'use_ssl': 'false', # XXX
level=ch_core.hookenv.INFO) }
barbican.publish_plugin_info('vault', vault_data) ch_core.hookenv.log('Publishing vault plugin info to barbican',
level=ch_core.hookenv.INFO)
barbican.publish_plugin_info('vault', vault_data)

7
unit_tests/test_barbican_vault_handlers.py
View File

@@ -57,12 +57,14 @@ class TestBarbicanVaultHandlers(test_utils.PatchHelper):
self.provide_charm_instance().__enter__.return_value = \ self.provide_charm_instance().__enter__.return_value = \
barbican_vault_charm barbican_vault_charm
self.provide_charm_instance().__exit__.return_value = None self.provide_charm_instance().__exit__.return_value = None
return barbican_vault_charm
def test_secret_backend_vault_request(self): def test_secret_backend_vault_request(self):
self.patch_charm() barbican_vault_charm = self.patch_charm()
self.patch_object(handlers.reactive, 'endpoint_from_flag') self.patch_object(handlers.reactive, 'endpoint_from_flag')
secrets_storage = mock.MagicMock() secrets_storage = mock.MagicMock()
self.endpoint_from_flag.return_value = secrets_storage self.endpoint_from_flag.return_value = secrets_storage
barbican_vault_charm.secret_backend_name = 'charm-barbican-vault'
handlers.secret_backend_vault_request() handlers.secret_backend_vault_request()
self.endpoint_from_flag.assert_called_once_with( self.endpoint_from_flag.assert_called_once_with(
@@ -71,7 +73,7 @@ class TestBarbicanVaultHandlers(test_utils.PatchHelper):
'charm-barbican-vault') 'charm-barbican-vault')
def test_plugin_info_barbican_publish(self): def test_plugin_info_barbican_publish(self):
self.patch_charm() barbican_vault_charm = self.patch_charm()
self.patch_object(handlers.reactive, 'endpoint_from_flag') self.patch_object(handlers.reactive, 'endpoint_from_flag')
barbican = mock.MagicMock() barbican = mock.MagicMock()
secrets_storage = mock.MagicMock() secrets_storage = mock.MagicMock()
@@ -86,6 +88,7 @@ class TestBarbicanVaultHandlers(test_utils.PatchHelper):
'approle_role_id': secrets_storage.unit_role_id, 'approle_role_id': secrets_storage.unit_role_id,
'approle_secret_id': secrets_storage.unit_token, 'approle_secret_id': secrets_storage.unit_token,
'vault_url': secrets_storage.vault_url, 'vault_url': secrets_storage.vault_url,
'kv_mountpoint': barbican_vault_charm.secret_backend_name,
'use_ssl': 'false', # XXX 'use_ssl': 'false', # XXX
} }
barbican.publish_plugin_info.assert_called_once_with( barbican.publish_plugin_info.assert_called_once_with(