Implement allowed IPs action

actions.yaml

@@ -18,6 +18,12 @@ add-trusted-ip:
       type: string
       default: ''
       description: "Space seperated list of trusted ips"
+    overwrite:
+      type: boolean
+      default: False
+      description: "If False append IPs to list"
+  required:
+    - ips
 create-target:
   description: "Create a new cache tier"
   params:

src/charm.py

@@ -64,6 +64,12 @@ class GatewayClientPeerAdapter(PeerAdapter):
         hosts = self.relation.peer_addresses
         return ' '.join(sorted(hosts))
 
+    @property
+    def trusted_ips(self):
+        ips = self.allowed_ips
+        ips.extend(self.relation.peer_addresses)
+        return ' '.join(sorted(ips))
+
 
 class TLSCertificatesAdapter(adapters.OpenStackOperRelationAdapter):
 
@@ -129,8 +135,7 @@ class CephISCSIGatewayCharmBase(ops_openstack.OSBaseCharm):
         logging.info("Using {} class".format(self.release))
         self.state.set_default(
             target_created=False,
-            enable_tls=False,
-            additional_trusted_ips=[])
+            enable_tls=False)
         self.ceph_client = interface_ceph_client.CephClientRequires(
             self,
             'ceph-client')
@@ -152,6 +157,9 @@ class CephISCSIGatewayCharmBase(ops_openstack.OSBaseCharm):
         self.framework.observe(
             self.peers.on.has_peers,
             self)
+        self.framework.observe(
+            self.peers.on.allowed_ips_changed,
+            self.render_config)
         self.framework.observe(
             self.ca_client.on.tls_app_config_ready,
             self.on_tls_app_config_ready)
@@ -294,10 +302,11 @@ class CephISCSIGatewayCharmBase(ops_openstack.OSBaseCharm):
 
     def on_add_trusted_ip_action(self, event):
         if self.unit.is_leader():
-            self.state.additional_trusted_ips = event.params.get('ips')
-            logging.info(len(self.state.additional_trusted_ips))
+            ips = event.params.get('ips').split()
             self.peers.set_allowed_ips(
-                self.state.additional_trusted_ips)
+                ips,
+                append=not event.params['overwrite'])
+            self.render_config(event)
         else:
             event.fail("Action must be run on leader")
 

src/interface_ceph_iscsi_peer.py

@@ -20,9 +20,14 @@ class ReadyPeersEvent(EventBase):
     pass
 
 
+class AllowedIpsChangedEvent(EventBase):
+    pass
+
+
 class CephISCSIGatewayPeerEvents(ObjectEvents):
     has_peers = EventSource(HasPeersEvent)
     ready_peers = EventSource(ReadyPeersEvent)
+    allowed_ips_changed = EventSource(AllowedIpsChangedEvent)
 
 
 class CephISCSIGatewayPeers(Object):
@@ -38,6 +43,8 @@ class CephISCSIGatewayPeers(Object):
         super().__init__(charm, relation_name)
         self.relation_name = relation_name
         self.this_unit = self.framework.model.unit
+        self.state.set_default(
+            allowed_ips=[])
         self.framework.observe(
             charm.on[relation_name].relation_changed,
             self.on_changed)
@@ -47,14 +54,22 @@ class CephISCSIGatewayPeers(Object):
         self.on.has_peers.emit()
         if self.ready_peer_details:
             self.on.ready_peers.emit()
+        if self.allowed_ips != self.state.allowed_ips:
+            self.on.allowed_ips_changed.emit()
+        self.state.allowed_ips = self.allowed_ips
 
     def set_admin_password(self, password):
         logging.info("Setting admin password")
         self.peer_rel.data[self.peer_rel.app][self.PASSWORD_KEY] = password
 
-    def set_allowed_ips(self, ips):
-        logging.info("Setting allowed ips")
-        ip_str = json.dumps(ips)
+    def set_allowed_ips(self, ips, append=True):
+        logging.info("Setting allowed ips: {}".format(append))
+        trusted_ips = []
+        if append and self.allowed_ips:
+            trusted_ips = self.allowed_ips
+        trusted_ips.extend(ips)
+        trusted_ips = sorted(list(set(trusted_ips)))
+        ip_str = json.dumps(trusted_ips)
         self.peer_rel.data[self.peer_rel.app][self.ALLOWED_IPS_KEY] = ip_str
 
     def announce_ready(self):
@@ -106,7 +121,7 @@ class CephISCSIGatewayPeers(Object):
         if not self.peer_rel:
             return None
         ip_str = self.peer_rel.data[self.peer_rel.app].get(
-            self.ALLOWED_IPS_KEY)
+            self.ALLOWED_IPS_KEY, '[]')
         return json.loads(ip_str)
 
     @property

templates/iscsi-gateway.cfg

@@ -11,4 +11,4 @@ api_secure = {{ certificates.enable_tls }}
 api_user = admin
 api_password = {{ cluster.admin_password }}
 api_port = 5000
-trusted_ip_list = {{ cluster.gw_hosts }}
+trusted_ip_list = {{ cluster.trusted_ips }}

unit_tests/test_ceph_iscsi_charm.py

@@ -173,7 +173,6 @@ class TestCephISCSIGatewayCharmBase(CharmTestCase):
         self.harness.begin()
         self.assertFalse(self.harness.charm.state.target_created)
         self.assertFalse(self.harness.charm.state.enable_tls)
-        self.assertEqual(self.harness.charm.state.additional_trusted_ips, [])
 
     def add_cluster_relation(self):
         rel_id = self.harness.add_relation('cluster', 'ceph-iscsi')