From 37e511d368a7eeac79eebbdc4d820da8abb9b75a Mon Sep 17 00:00:00 2001 From: Liam Young Date: Mon, 11 May 2020 12:54:33 +0000 Subject: [PATCH] Implement allowed IPs action --- actions.yaml | 6 ++++++ src/charm.py | 19 ++++++++++++++----- src/interface_ceph_iscsi_peer.py | 23 +++++++++++++++++++---- templates/iscsi-gateway.cfg | 2 +- unit_tests/test_ceph_iscsi_charm.py | 1 - 5 files changed, 40 insertions(+), 11 deletions(-) diff --git a/actions.yaml b/actions.yaml index 3f8091a..6f91832 100644 --- a/actions.yaml +++ b/actions.yaml @@ -18,6 +18,12 @@ add-trusted-ip: type: string default: '' description: "Space seperated list of trusted ips" + overwrite: + type: boolean + default: False + description: "If False append IPs to list" + required: + - ips create-target: description: "Create a new cache tier" params: diff --git a/src/charm.py b/src/charm.py index 1e22a1c..949630f 100755 --- a/src/charm.py +++ b/src/charm.py @@ -64,6 +64,12 @@ class GatewayClientPeerAdapter(PeerAdapter): hosts = self.relation.peer_addresses return ' '.join(sorted(hosts)) + @property + def trusted_ips(self): + ips = self.allowed_ips + ips.extend(self.relation.peer_addresses) + return ' '.join(sorted(ips)) + class TLSCertificatesAdapter(adapters.OpenStackOperRelationAdapter): @@ -129,8 +135,7 @@ class CephISCSIGatewayCharmBase(ops_openstack.OSBaseCharm): logging.info("Using {} class".format(self.release)) self.state.set_default( target_created=False, - enable_tls=False, - additional_trusted_ips=[]) + enable_tls=False) self.ceph_client = interface_ceph_client.CephClientRequires( self, 'ceph-client') @@ -152,6 +157,9 @@ class CephISCSIGatewayCharmBase(ops_openstack.OSBaseCharm): self.framework.observe( self.peers.on.has_peers, self) + self.framework.observe( + self.peers.on.allowed_ips_changed, + self.render_config) self.framework.observe( self.ca_client.on.tls_app_config_ready, self.on_tls_app_config_ready) 
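Review bot: The new `overwrite` description in the `add-trusted-ip` params only covers the `False` case, so it does not tell the operator that `True` replaces the stored list. With `ips` still defaulting to `''`, an overwrite run with an empty value would store an empty list and drop every previously added address. I would spell that out, e.g. `description: "If True, replace the stored trusted IP list with 'ips'; if False, append 'ips' to it"`. Listing `ips` under `required` while keeping `default: ''` also looks contradictory; dropping the default would let the schema reject a missing value.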
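Review bot: `trusted_ips` in `GatewayClientPeerAdapter` calls `ips.extend(...)` directly on the value of `self.allowed_ips`, and the peer interface's `allowed_ips` still returns `None` when there is no peer relation (see the `@@ -106` hunk of src/interface_ceph_iscsi_peer.py). The adapter's own `allowed_ips` is not part of this diff, so whether `None` can reach this property is an assumption to confirm, but if it can, rendering the config would raise AttributeError. Building a fresh set avoids that and also removes addresses that appear both as peers and as allowed IPs: `ips = set(self.allowed_ips or [])`, `ips.update(self.relation.peer_addresses)`, `return ' '.join(sorted(ips))`. A one-line docstring such as `"""Space separated peer and operator-allowed addresses for trusted_ip_list."""` would document that this value feeds the gateway's trust list.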
@@ -294,10 +302,11 @@ class CephISCSIGatewayCharmBase(ops_openstack.OSBaseCharm): def on_add_trusted_ip_action(self, event): if self.unit.is_leader(): - self.state.additional_trusted_ips = event.params.get('ips') - logging.info(len(self.state.additional_trusted_ips)) + ips = event.params.get('ips').split() self.peers.set_allowed_ips( - self.state.additional_trusted_ips) + ips, + append=not event.params['overwrite']) + self.render_config(event) else: event.fail("Action must be run on leader") diff --git a/src/interface_ceph_iscsi_peer.py b/src/interface_ceph_iscsi_peer.py index e8a9df2..d509762 100644 --- a/src/interface_ceph_iscsi_peer.py +++ b/src/interface_ceph_iscsi_peer.py @@ -20,9 +20,14 @@ class ReadyPeersEvent(EventBase): pass +class AllowedIpsChangedEvent(EventBase): + pass + + class CephISCSIGatewayPeerEvents(ObjectEvents): has_peers = EventSource(HasPeersEvent) ready_peers = EventSource(ReadyPeersEvent) + allowed_ips_changed = EventSource(AllowedIpsChangedEvent) class CephISCSIGatewayPeers(Object): @@ -38,6 +43,8 @@ class CephISCSIGatewayPeers(Object): super().__init__(charm, relation_name) self.relation_name = relation_name self.this_unit = self.framework.model.unit + self.state.set_default( + allowed_ips=[]) self.framework.observe( charm.on[relation_name].relation_changed, self.on_changed) 
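Review bot: In `on_add_trusted_ip_action` the tokens from `event.params.get('ips').split()` are passed to `set_allowed_ips` without any check, and from there they are written into `trusted_ip_list` in iscsi-gateway.cfg. I would validate each token with the standard `ipaddress` module and fail the action on the first bad one, so that a typo or stray string cannot end up in the gateway's trust list. This needs `import ipaddress` at the top of src/charm.py, and if hostnames or networks are meant to be accepted the check has to be widened accordingly. The method starts on a context line of this hunk and its `else` branch is unchanged.

```python
        if self.unit.is_leader():
            ips = event.params.get('ips').split()
            for ip in ips:
                try:
                    ipaddress.ip_address(ip)
                except ValueError:
                    event.fail("Invalid IP address: {}".format(ip))
                    return
            # … unchanged: self.peers.set_allowed_ips(...) and self.render_config(event) …
```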
@@ -47,14 +54,22 @@ class CephISCSIGatewayPeers(Object): self.on.has_peers.emit() if self.ready_peer_details: self.on.ready_peers.emit() + if self.allowed_ips != self.state.allowed_ips: + self.on.allowed_ips_changed.emit() + self.state.allowed_ips = self.allowed_ips def set_admin_password(self, password): logging.info("Setting admin password") self.peer_rel.data[self.peer_rel.app][self.PASSWORD_KEY] = password - def set_allowed_ips(self, ips): - logging.info("Setting allowed ips") - ip_str = json.dumps(ips) + def set_allowed_ips(self, ips, append=True): + logging.info("Setting allowed ips: {}".format(append)) + trusted_ips = [] + if append and self.allowed_ips: + trusted_ips = self.allowed_ips + trusted_ips.extend(ips) + trusted_ips = sorted(list(set(trusted_ips))) + ip_str = json.dumps(trusted_ips) self.peer_rel.data[self.peer_rel.app][self.ALLOWED_IPS_KEY] = ip_str def announce_ready(self): @@ -106,7 +121,7 @@ class CephISCSIGatewayPeers(Object): if not self.peer_rel: return None ip_str = self.peer_rel.data[self.peer_rel.app].get( - self.ALLOWED_IPS_KEY) + self.ALLOWED_IPS_KEY, '[]') return json.loads(ip_str) @property diff --git a/templates/iscsi-gateway.cfg b/templates/iscsi-gateway.cfg index c8db2bb..c9f2bba 100644 --- a/templates/iscsi-gateway.cfg +++ b/templates/iscsi-gateway.cfg @@ -11,4 +11,4 @@ api_secure = {{ certificates.enable_tls }} api_user = admin api_password = {{ cluster.admin_password }} api_port = 5000 -trusted_ip_list = {{ cluster.gw_hosts }} +trusted_ip_list = {{ cluster.trusted_ips }} diff --git a/unit_tests/test_ceph_iscsi_charm.py b/unit_tests/test_ceph_iscsi_charm.py index 433c848..43ed661 100644 --- a/unit_tests/test_ceph_iscsi_charm.py +++ b/unit_tests/test_ceph_iscsi_charm.py 
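Review bot: The log line in `set_allowed_ips` formats only the `append` flag (`"Setting allowed ips: {}".format(append)`), so a change to the gateway's trusted list leaves no record of which addresses were set. I would log after the list is computed, e.g. `logging.info("Setting allowed ips to {} (append={})".format(trusted_ips, append))`, which gives an operator something to audit. Separately, the new comparison in `on_changed` and the `set_default` call in the `@@ -38` hunk rely on the class having a stored-state attribute named `state`; its declaration is not visible in this diff, so please confirm it exists on `CephISCSIGatewayPeers`.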
@@ -173,7 +173,6 @@ class TestCephISCSIGatewayCharmBase(CharmTestCase): self.harness.begin() self.assertFalse(self.harness.charm.state.target_created) self.assertFalse(self.harness.charm.state.enable_tls) - self.assertEqual(self.harness.charm.state.additional_trusted_ips, []) def add_cluster_relation(self): rel_id = self.harness.add_relation('cluster', 'ceph-iscsi')