Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: credential refresh on config change #56

Merged
merged 2 commits into from
Apr 7, 2022
Merged

fix: credential refresh on config change #56

merged 2 commits into from
Apr 7, 2022

Conversation

ca-scribner
Copy link
Contributor

Fixes bug where changes to Minio's credentials via juju config would not be replicated to the Minio workload. Previously, juju config minio access-key something-new would not trigger a restart of the Minio workload, thus not actually change the credentials (unless the pod was later deleted). This PR implements logic to automate this, as well as tests to support it.

fixes #47

Other misc changes:

  • feat: make integration test idempotent
  • refactor: encapsulate logic for tests, moving connect-to-minio logic into a reusable helper so it can be used by multiple tests
  • refactor: add arg for access/secret_key in connect_client_to_server
  • feat: make connection test attempts auto-retry using tenacity.retry
  • fix: unpin black to fix linting/formatting

@ca-scribner
Refactor integration tests (#49)
5c5f7e6 
* feat: make integration test idempotent
* refactor: encapsulate logic for tests, moving connect-to-minio logic into a reusable helper so it can be used by multiple tests
* refactor: add arg for access/secret_key in connect_client_to_server
* feat: make connection test attempts auto-retry using tenacity.retry
* fix: unpin black to fix linting/formatting
@ca-scribner
fix: credential refresh on config change (#50)
882908f 
* feat: add hash of config to env vars

Fixes #47

This adds a hash of the current config to environment variables in order to trigger creating a new pod whenever config changes.  This ensures minio will restart whenever someone does `juju config minio access-key=newKey` or similar.  This also adds unit tests for the new code

Implementation:
* refactor handling the default value for secret-key (moved to `_get_secret_key()`) to make it reusable
* add `_generate_config_hash()` to create the hash of the current config

* fix: _get_secret_key try/except caught wrong exception

Fixes bug where we catch errors about missing data in self._stored.  Was using `except KeyError`, but `self._stored` raises an `AttributeError` if data is not available.

* fix: linting/formatting

* feat: Add integration test for credential refresh

* fix: test_refresh_credentials

Updates test_refresh_credentials to use the refactored connect_client_to_server.
@ca-scribner ca-scribner marked this pull request as ready for review April 7, 2022 12:50
@ca-scribner ca-scribner requested a review from a team as a code owner April 7, 2022 12:50
@ca-scribner
Copy link
Contributor Author

All content in this PR was reviewed when merged into this branch, so it should be good to go

@DomFleischmann DomFleischmann merged commit ff66ebc into master Apr 7, 2022
@DomFleischmann DomFleischmann deleted the KF-236-fix-credential-refresh branch April 7, 2022 12:54
@misohu misohu mentioned this pull request Aug 18, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DomFleischmann DomFleischmann DomFleischmann approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Minio does not restart minio if someone changes access-key/secret-key via juju config
2 participants
@ca-scribner @DomFleischmann