[xena] Ensure get_requests_for_local_unit doesn't fail on incomplete …

…relation This is a rebuild/make sync for charms to pickup the fix in charmhelpers to fix any inadvertant accesses of ['ca'] in the relation data before it is available from vault in the certificates relation. Fix in charmhelpers is in [1]. [1] juju/charm-helpers#828 Closes-Bug: #2028683 Change-Id: I9981aad11d9372b29b0095f56d3f04c1471fe4b0
openstack · Aug 17, 2023 · 830835e · 830835e
1 parent 9d69e71
commit 830835e
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 14 deletions.
diff --git a/charm-helpers-hooks.yaml b/charm-helpers-hooks.yaml
@@ -1,4 +1,4 @@
-repo: https://github.com/juju/charm-helpers@stable/21.10
+repo: https://github.com/juju/charm-helpers@stable/xena
 destination: charmhelpers
 include:
     - core

diff --git a/charmhelpers/contrib/openstack/cert_utils.py b/charmhelpers/contrib/openstack/cert_utils.py
@@ -414,18 +414,27 @@ def get_requests_for_local_unit(relation_name=None):
         is_legacy_request = set(sent).intersection(legacy_keys)
         for unit in related_units(rid):
             data = relation_get(rid=rid, unit=unit)
-            if data.get(raw_certs_key):
-                bundles.append({
-                    'ca': data['ca'],
-                    'chain': data.get('chain'),
-                    'certs': json.loads(data[raw_certs_key])})
-            elif is_legacy_request:
-                bundles.append({
-                    'ca': data['ca'],
-                    'chain': data.get('chain'),
-                    'certs': {sent['common_name']:
-                              {'cert': data.get(local_name + '.server.cert'),
-                               'key': data.get(local_name + '.server.key')}}})
+            # Note: Bug#2028683 - data may not be available if the certificates
+            # relation hasn't been populated by the providing charm. If no 'ca'
+            # in the data then don't attempt the bundle at all.
+            if data.get('ca'):
+                if data.get(raw_certs_key):
+                    bundles.append({
+                        'ca': data['ca'],
+                        'chain': data.get('chain'),
+                        'certs': json.loads(data[raw_certs_key])
+                    })
+                elif is_legacy_request:
+                    bundles.append({
+                        'ca': data['ca'],
+                        'chain': data.get('chain'),
+                        'certs': {
+                            sent['common_name']: {
+                                'cert': data.get(local_name + '.server.cert'),
+                                'key': data.get(local_name + '.server.key')
+                            }
+                        }
+                    })
 
     return bundles
 

diff --git a/tox.ini b/tox.ini
@@ -85,7 +85,8 @@ deps = -r{toxinidir}/requirements.txt
 [testenv:pep8]
 basepython = python3
 deps = flake8==3.9.2
-       charm-tools==2.8.3
+       PyYAML==6.0.1
+       charm-tools==2.8.6
 commands = flake8 {posargs} hooks unit_tests tests actions lib files
            charm-proof