Implement allowed IPs action
parent
daea034fbd
commit
37e511d368
@ -18,6 +18,12 @@ add-trusted-ip:
|
|||||||
type: string
|
type: string
|
||||||
default: ''
|
default: ''
|
||||||
description: "Space seperated list of trusted ips"
|
description: "Space seperated list of trusted ips"
|
||||||
|
overwrite:
|
||||||
|
type: boolean
|
||||||
|
default: False
|
||||||
|
description: "If False append IPs to list"
|
||||||
|
required:
|
||||||
|
- ips
|
||||||
create-target:
|
create-target:
|
||||||
description: "Create a new cache tier"
|
description: "Create a new cache tier"
|
||||||
params:
|
params:
|
||||||
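Review bot: The description of the new `overwrite` parameter, `"If False append IPs to list"`, never says what `True` does. With `overwrite=True` the action handler passes `append=False`, and `set_allowed_ips` then starts from an empty list, so every previously trusted address is dropped. Operators should be able to see that before running the action, because this list decides which hosts the gateway API trusts. I would spell out both cases, for example `description: "If True, replace the existing trusted IP list with ips; if False, append ips to it"`.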
|
19
src/charm.py
19
src/charm.py
@ -64,6 +64,12 @@ class GatewayClientPeerAdapter(PeerAdapter):
|
|||||||
hosts = self.relation.peer_addresses
|
hosts = self.relation.peer_addresses
|
||||||
return ' '.join(sorted(hosts))
|
return ' '.join(sorted(hosts))
|
||||||
|
|
||||||
|
@property
|
||||||
|
def trusted_ips(self):
|
||||||
|
ips = self.allowed_ips
|
||||||
|
ips.extend(self.relation.peer_addresses)
|
||||||
|
return ' '.join(sorted(ips))
|
||||||
|
|
||||||
|
|
||||||
class TLSCertificatesAdapter(adapters.OpenStackOperRelationAdapter):
|
class TLSCertificatesAdapter(adapters.OpenStackOperRelationAdapter):
|
||||||
|
|
||||||
@ -129,8 +135,7 @@ class CephISCSIGatewayCharmBase(ops_openstack.OSBaseCharm):
|
|||||||
logging.info("Using {} class".format(self.release))
|
logging.info("Using {} class".format(self.release))
|
||||||
self.state.set_default(
|
self.state.set_default(
|
||||||
target_created=False,
|
target_created=False,
|
||||||
enable_tls=False,
|
enable_tls=False)
|
||||||
additional_trusted_ips=[])
|
|
||||||
self.ceph_client = interface_ceph_client.CephClientRequires(
|
self.ceph_client = interface_ceph_client.CephClientRequires(
|
||||||
self,
|
self,
|
||||||
'ceph-client')
|
'ceph-client')
|
||||||
@ -152,6 +157,9 @@ class CephISCSIGatewayCharmBase(ops_openstack.OSBaseCharm):
|
|||||||
self.framework.observe(
|
self.framework.observe(
|
||||||
self.peers.on.has_peers,
|
self.peers.on.has_peers,
|
||||||
self)
|
self)
|
||||||
|
self.framework.observe(
|
||||||
|
self.peers.on.allowed_ips_changed,
|
||||||
|
self.render_config)
|
||||||
self.framework.observe(
|
self.framework.observe(
|
||||||
self.ca_client.on.tls_app_config_ready,
|
self.ca_client.on.tls_app_config_ready,
|
||||||
self.on_tls_app_config_ready)
|
self.on_tls_app_config_ready)
|
||||||
@ -294,10 +302,11 @@ class CephISCSIGatewayCharmBase(ops_openstack.OSBaseCharm):
|
|||||||
|
|
||||||
def on_add_trusted_ip_action(self, event):
|
def on_add_trusted_ip_action(self, event):
|
||||||
if self.unit.is_leader():
|
if self.unit.is_leader():
|
||||||
self.state.additional_trusted_ips = event.params.get('ips')
|
ips = event.params.get('ips').split()
|
||||||
logging.info(len(self.state.additional_trusted_ips))
|
|
||||||
self.peers.set_allowed_ips(
|
self.peers.set_allowed_ips(
|
||||||
self.state.additional_trusted_ips)
|
ips,
|
||||||
|
append=not event.params['overwrite'])
|
||||||
|
self.render_config(event)
|
||||||
else:
|
else:
|
||||||
event.fail("Action must be run on leader")
|
event.fail("Action must be run on leader")
|
||||||
|
|
||||||
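Review bot: In `on_add_trusted_ip_action`, `ips = event.params.get('ips').split()` is passed to `set_allowed_ips` without checking that each token is an IP address. The value appears to end up in the `trusted_ip_list` line of the gateway config, so a typo or a hostname would sit silently in the API allow list instead of failing the action. I would validate each entry with the standard `ipaddress` module (this needs `import ipaddress` at the top of the file) and call `event.fail` on the first bad one, before touching relation data. It is also worth deciding whether an input that splits to an empty list should be rejected when `overwrite` is true, since that clears the operator-supplied entries.

```python
if self.unit.is_leader():
    ips = event.params.get('ips').split()
    for ip in ips:
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            event.fail("Invalid IP address: {}".format(ip))
            return
    # … unchanged: set_allowed_ips call and render_config …
```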
|
@ -20,9 +20,14 @@ class ReadyPeersEvent(EventBase):
|
|||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
class AllowedIpsChangedEvent(EventBase):
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
class CephISCSIGatewayPeerEvents(ObjectEvents):
|
class CephISCSIGatewayPeerEvents(ObjectEvents):
|
||||||
has_peers = EventSource(HasPeersEvent)
|
has_peers = EventSource(HasPeersEvent)
|
||||||
ready_peers = EventSource(ReadyPeersEvent)
|
ready_peers = EventSource(ReadyPeersEvent)
|
||||||
|
allowed_ips_changed = EventSource(AllowedIpsChangedEvent)
|
||||||
|
|
||||||
|
|
||||||
class CephISCSIGatewayPeers(Object):
|
class CephISCSIGatewayPeers(Object):
|
||||||
@ -38,6 +43,8 @@ class CephISCSIGatewayPeers(Object):
|
|||||||
super().__init__(charm, relation_name)
|
super().__init__(charm, relation_name)
|
||||||
self.relation_name = relation_name
|
self.relation_name = relation_name
|
||||||
self.this_unit = self.framework.model.unit
|
self.this_unit = self.framework.model.unit
|
||||||
|
self.state.set_default(
|
||||||
|
allowed_ips=[])
|
||||||
self.framework.observe(
|
self.framework.observe(
|
||||||
charm.on[relation_name].relation_changed,
|
charm.on[relation_name].relation_changed,
|
||||||
self.on_changed)
|
self.on_changed)
|
||||||
@ -47,14 +54,22 @@ class CephISCSIGatewayPeers(Object):
|
|||||||
self.on.has_peers.emit()
|
self.on.has_peers.emit()
|
||||||
if self.ready_peer_details:
|
if self.ready_peer_details:
|
||||||
self.on.ready_peers.emit()
|
self.on.ready_peers.emit()
|
||||||
|
if self.allowed_ips != self.state.allowed_ips:
|
||||||
|
self.on.allowed_ips_changed.emit()
|
||||||
|
self.state.allowed_ips = self.allowed_ips
|
||||||
|
|
||||||
def set_admin_password(self, password):
|
def set_admin_password(self, password):
|
||||||
logging.info("Setting admin password")
|
logging.info("Setting admin password")
|
||||||
self.peer_rel.data[self.peer_rel.app][self.PASSWORD_KEY] = password
|
self.peer_rel.data[self.peer_rel.app][self.PASSWORD_KEY] = password
|
||||||
|
|
||||||
def set_allowed_ips(self, ips):
|
def set_allowed_ips(self, ips, append=True):
|
||||||
logging.info("Setting allowed ips")
|
logging.info("Setting allowed ips: {}".format(append))
|
||||||
ip_str = json.dumps(ips)
|
trusted_ips = []
|
||||||
|
if append and self.allowed_ips:
|
||||||
|
trusted_ips = self.allowed_ips
|
||||||
|
trusted_ips.extend(ips)
|
||||||
|
trusted_ips = sorted(list(set(trusted_ips)))
|
||||||
|
ip_str = json.dumps(trusted_ips)
|
||||||
self.peer_rel.data[self.peer_rel.app][self.ALLOWED_IPS_KEY] = ip_str
|
self.peer_rel.data[self.peer_rel.app][self.ALLOWED_IPS_KEY] = ip_str
|
||||||
|
|
||||||
def announce_ready(self):
|
def announce_ready(self):
|
||||||
@ -106,7 +121,7 @@ class CephISCSIGatewayPeers(Object):
|
|||||||
if not self.peer_rel:
|
if not self.peer_rel:
|
||||||
return None
|
return None
|
||||||
ip_str = self.peer_rel.data[self.peer_rel.app].get(
|
ip_str = self.peer_rel.data[self.peer_rel.app].get(
|
||||||
self.ALLOWED_IPS_KEY)
|
self.ALLOWED_IPS_KEY, '[]')
|
||||||
return json.loads(ip_str)
|
return json.loads(ip_str)
|
||||||
|
|
||||||
@property
|
@property
|
||||||
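Review bot: In `set_allowed_ips`, the new log line `logging.info("Setting allowed ips: {}".format(append))` prints only the append flag. The unit log therefore reads "Setting allowed ips: True" and never records which addresses were written to the allow list. Since this list controls which hosts are trusted, the log should record the resulting value and the mode. I would move the call below the `sorted(list(set(...)))` line and write `logging.info("Setting allowed ips (append={}): {}".format(append, trusted_ips))`.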
|
@ -11,4 +11,4 @@ api_secure = {{ certificates.enable_tls }}
|
|||||||
api_user = admin
|
api_user = admin
|
||||||
api_password = {{ cluster.admin_password }}
|
api_password = {{ cluster.admin_password }}
|
||||||
api_port = 5000
|
api_port = 5000
|
||||||
trusted_ip_list = {{ cluster.gw_hosts }}
|
trusted_ip_list = {{ cluster.trusted_ips }}
|
||||||
|
@ -173,7 +173,6 @@ class TestCephISCSIGatewayCharmBase(CharmTestCase):
|
|||||||
self.harness.begin()
|
self.harness.begin()
|
||||||
self.assertFalse(self.harness.charm.state.target_created)
|
self.assertFalse(self.harness.charm.state.target_created)
|
||||||
self.assertFalse(self.harness.charm.state.enable_tls)
|
self.assertFalse(self.harness.charm.state.enable_tls)
|
||||||
self.assertEqual(self.harness.charm.state.additional_trusted_ips, [])
|
|
||||||
|
|
||||||
def add_cluster_relation(self):
|
def add_cluster_relation(self):
|
||||||
rel_id = self.harness.add_relation('cluster', 'ceph-iscsi')
|
rel_id = self.harness.add_relation('cluster', 'ceph-iscsi')
|
||||||
|