canonical / postgresql-operator

A Charmed Operator for running PostgreSQL on machines
https://charmhub.io/postgresql
Apache License 2.0

Certificates integration raises ValueError: This extension has already been set. #259

Closed Martwall closed 8 months ago

Martwall commented 11 months ago

Steps to reproduce

juju deploy postgresql
juju deploy self-signed-certificates --channel edge
juju integrate self-signed-certificates postgresql

Expected behavior

The integration hooks finish successfully.

Actual behavior

The relation-changed hook errors. The CertificateCreationRequestEvent raises a ValueError exception.

Versions

Operating system: Ubuntu 22.04

Juju CLI: 3.1.6-genericlinux-amd64

Juju agent: 14.9

Charm revision: 336

LXD: 5.18

Log output

Juju debug log:

unit-self-signed-certificates-0: 08:32:13 DEBUG unit.self-signed-certificates/0.juju-log certificates:9: ops 2.7.0 up and running.
unit-self-signed-certificates-0: 08:32:13 DEBUG unit.self-signed-certificates/0.juju-log certificates:9: Emitting Juju event certificates_relation_created.
unit-postgresql-0: 08:32:13 DEBUG unit.postgresql/0.juju-log certificates:9: ops 2.7.0 up and running.
unit-postgresql-0: 08:32:13 DEBUG unit.postgresql/0.juju-log certificates:9: Emitting Juju event certificates_relation_created.
unit-self-signed-certificates-0: 08:32:13 INFO juju.worker.uniter.operation ran "certificates-relation-created" hook (via hook dispatching script: dispatch)
unit-self-signed-certificates-0: 08:32:14 DEBUG unit.self-signed-certificates/0.juju-log certificates:9: ops 2.7.0 up and running.
unit-self-signed-certificates-0: 08:32:14 DEBUG unit.self-signed-certificates/0.juju-log certificates:9: Emitting Juju event certificates_relation_joined.
unit-postgresql-0: 08:32:14 INFO juju.worker.uniter.operation ran "certificates-relation-created" hook (via hook dispatching script: dispatch)
unit-self-signed-certificates-0: 08:32:14 INFO juju.worker.uniter.operation ran "certificates-relation-joined" hook (via hook dispatching script: dispatch)
unit-postgresql-0: 08:32:14 DEBUG unit.postgresql/0.juju-log certificates:9: ops 2.7.0 up and running.
unit-self-signed-certificates-0: 08:32:14 DEBUG unit.self-signed-certificates/0.juju-log certificates:9: ops 2.7.0 up and running.
unit-self-signed-certificates-0: 08:32:14 DEBUG unit.self-signed-certificates/0.juju-log certificates:9: Emitting Juju event certificates_relation_changed.
unit-self-signed-certificates-0: 08:32:14 DEBUG unit.self-signed-certificates/0.juju-log certificates:9: Relation data did not pass JSON Schema validation
unit-postgresql-0: 08:32:14 DEBUG unit.postgresql/0.juju-log certificates:9: Emitting Juju event certificates_relation_joined.
unit-postgresql-0: 08:32:14 DEBUG unit.postgresql/0.juju-log certificates:9: Secret secret://c48eed3e-8571-4b46-8b91-3404fc78ba01/ckp6rcd1694j9epo0dgg downloaded
unit-postgresql-0: 08:32:14 DEBUG unit.postgresql/0.juju-log certificates:9: Secret unit:key was key set
unit-self-signed-certificates-0: 08:32:14 INFO juju.worker.uniter.operation ran "certificates-relation-changed" hook (via hook dispatching script: dispatch)
unit-postgresql-0: 08:32:14 DEBUG unit.postgresql/0.juju-log certificates:9: Secret unit:csr was csr set
unit-postgresql-0: 08:32:14 INFO unit.postgresql/0.juju-log certificates:9: Certificate request sent to provider
unit-postgresql-0: 08:32:15 INFO juju.worker.uniter.operation ran "certificates-relation-joined" hook (via hook dispatching script: dispatch)
unit-self-signed-certificates-0: 08:32:15 DEBUG unit.self-signed-certificates/0.juju-log certificates:9: ops 2.7.0 up and running.
unit-self-signed-certificates-0: 08:32:15 DEBUG unit.self-signed-certificates/0.juju-log certificates:9: Emitting Juju event certificates_relation_changed.
unit-self-signed-certificates-0: 08:32:15 DEBUG unit.self-signed-certificates/0.juju-log certificates:9: Emitting custom event <CertificateCreationRequestEvent via SelfSignedCertificatesCharm/TLSCertificatesProvidesV2[certificates]/on/certificate_creation_request[603]>.
unit-self-signed-certificates-0: 08:32:15 ERROR unit.self-signed-certificates/0.juju-log certificates:9: Uncaught exception while in charm code:
Traceback (most recent call last):
  File "/var/lib/juju/agents/unit-self-signed-certificates-0/charm/./src/charm.py", line 267, in <module>
    main(SelfSignedCertificatesCharm)
  File "/var/lib/juju/agents/unit-self-signed-certificates-0/charm/venv/ops/main.py", line 441, in main
    _emit_charm_event(charm, dispatcher.event_name)
  File "/var/lib/juju/agents/unit-self-signed-certificates-0/charm/venv/ops/main.py", line 149, in _emit_charm_event
    event_to_emit.emit(*args, **kwargs)
  File "/var/lib/juju/agents/unit-self-signed-certificates-0/charm/venv/ops/framework.py", line 342, in emit
    framework._emit(event)
  File "/var/lib/juju/agents/unit-self-signed-certificates-0/charm/venv/ops/framework.py", line 839, in _emit
    self._reemit(event_path)
  File "/var/lib/juju/agents/unit-self-signed-certificates-0/charm/venv/ops/framework.py", line 928, in _reemit
    custom_handler(event)
  File "/var/lib/juju/agents/unit-self-signed-certificates-0/charm/lib/charms/tls_certificates_interface/v2/tls_certificates.py", line 1180, in _on_relation_changed
    self.on.certificate_creation_request.emit(
  File "/var/lib/juju/agents/unit-self-signed-certificates-0/charm/venv/ops/framework.py", line 342, in emit
    framework._emit(event)
  File "/var/lib/juju/agents/unit-self-signed-certificates-0/charm/venv/ops/framework.py", line 839, in _emit
    self._reemit(event_path)
  File "/var/lib/juju/agents/unit-self-signed-certificates-0/charm/venv/ops/framework.py", line 928, in _reemit
    custom_handler(event)
  File "/var/lib/juju/agents/unit-self-signed-certificates-0/charm/./src/charm.py", line 204, in _on_certificate_creation_request
    certificate = generate_certificate(
  File "/var/lib/juju/agents/unit-self-signed-certificates-0/charm/lib/charms/tls_certificates_interface/v2/tls_certificates.py", line 756, in generate_certificate
    certificate_builder = certificate_builder.add_extension(
  File "/var/lib/juju/agents/unit-self-signed-certificates-0/charm/venv/cryptography/x509/base.py", line 910, in add_extension
    _reject_duplicate_extension(extension, self._extensions)
  File "/var/lib/juju/agents/unit-self-signed-certificates-0/charm/venv/cryptography/x509/base.py", line 68, in _reject_duplicate_extension
    raise ValueError("This extension has already been set.")
ValueError: This extension has already been set.
unit-postgresql-0: 08:32:15 DEBUG unit.postgresql/0.juju-log certificates:9: ops 2.7.0 up and running.
unit-postgresql-0: 08:32:15 DEBUG unit.postgresql/0.juju-log certificates:9: Emitting Juju event certificates_relation_changed.
unit-postgresql-0: 08:32:15 WARNING unit.postgresql/0.juju-log certificates:9: Provider relation data did not pass JSON Schema validation: {}
unit-self-signed-certificates-0: 08:32:15 ERROR juju.worker.uniter.operation hook "certificates-relation-changed" (via hook dispatching script: dispatch) failed: exit status 1
unit-self-signed-certificates-0: 08:32:15 INFO juju.worker.uniter awaiting error resolution for "relation-changed" hook

Additional context

I have reported the issue at the self-signed-certificates repository, and they suggested upgrading the tls-certificates interface to v2.
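The traceback above ends in the `cryptography` library's `CertificateBuilder.add_extension` rejecting a second extension whose OID is already set. The following is an added example (not code from the issue, the charm or the tls_certificates library) that reproduces the error and shows one guard that tracks OIDs before adding. The page does not say which extension was duplicated, so the extension types, host name and helper names are constructed assumptions.

```python
from cryptography import x509


def san(*names):
    """Build a SubjectAlternativeName from DNS names (constructed sample values)."""
    return x509.SubjectAlternativeName([x509.DNSName(n) for n in names])


def naive_build(signer_exts, requested_exts):
    """Add every (value, critical) pair without checking OIDs, as in the failing pattern."""
    builder = x509.CertificateBuilder()
    for value, critical in signer_exts + requested_exts:
        builder = builder.add_extension(value, critical)  # raises on a repeated OID
    return builder


def naive_error(signer_exts, requested_exts):
    """Return the ValueError text from naive_build, or None if it succeeds."""
    try:
        naive_build(signer_exts, requested_exts)
    except ValueError as exc:
        return str(exc)
    return None


def guarded_build(signer_exts, requested_exts):
    """Signer-set extensions take precedence (an assumed policy); a requested
    extension whose OID is already present is skipped and reported."""
    builder = x509.CertificateBuilder()
    seen, skipped = set(), []
    for value, critical in signer_exts:
        builder = builder.add_extension(value, critical)
        seen.add(value.oid)
    for value, critical in requested_exts:
        if value.oid in seen:
            skipped.append(value.oid.dotted_string)
            continue
        builder = builder.add_extension(value, critical)
        seen.add(value.oid)
    return builder, skipped


# Constructed inputs: the signer sets a SAN, and the request carries a SAN too.
SIGNER = [(san("postgresql-0.example.internal"), False)]
REQUESTED = [
    (san("postgresql-0.example.internal"), False),
    (x509.BasicConstraints(ca=False, path_length=None), True),
]

if __name__ == "__main__":
    print("naive:", naive_error(SIGNER, REQUESTED))
    print("guarded, skipped OIDs:", guarded_build(SIGNER, REQUESTED)[1])
```

Logging the skipped OIDs keeps a record of what the requester asked for that the signer did not honour.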

github-actions[bot] commented 11 months ago

https://warthogs.atlassian.net/browse/DPE-2830

dragomirp commented 11 months ago

Hi, @Martwall, we should hopefully work on updating the library in the next couple of weeks. In the meantime, you should be able to use tls-certificates-operator from channel legacy/stable instead of the self-signed-certificates charm.

Martwall commented 11 months ago

Alright thanks, I'll give it a try.

marceloneppel commented 8 months ago

It was fixed by revision 363 (from the 14/stable channel).