search

canonical / tls-certificates-interface

Library for charm providers and requirers of x.509 certificates.
https://charmhub.io/tls-certificates-interface
Apache License 2.0
2 stars 8 forks source link

Backward incompatible change in v3 #228

Closed cbartz closed 1 week ago

cbartz commented 2 weeks ago

Bug Description

The change introduced in https://github.com/canonical/tls-certificates-interface/pull/188 is backward incompatible. When a secret created by an earlier version of the library expires, it does not contain the key "csr", so the secret expirde hook fails. See also https://github.com/canonical/nginx-ingress-integrator-operator/issues/162.

To Reproduce

See reproduction steps at https://github.com/canonical/nginx-ingress-integrator-operator/issues/162

Environment

juju 3.1

Relevant log output

unit-nginx-ingress-integrator-0: 11:13:27 DEBUG unit.nginx-ingress-integrator/0.juju-log Emitting Juju event secret_expired.
unit-nginx-ingress-integrator-0: 11:13:27 ERROR unit.nginx-ingress-integrator/0.juju-log Uncaught exception while in charm code:
Traceback (most recent call last):
  File "./src/charm.py", line 557, in <module>
    main(NginxIngressCharm)
  File "/var/lib/juju/agents/unit-nginx-ingress-integrator-0/charm/venv/ops/main.py", line 544, in main
    manager.run()
  File "/var/lib/juju/agents/unit-nginx-ingress-integrator-0/charm/venv/ops/main.py", line 520, in run
    self._emit()
  File "/var/lib/juju/agents/unit-nginx-ingress-integrator-0/charm/venv/ops/main.py", line 509, in _emit
    _emit_charm_event(self.charm, self.dispatcher.event_name)
  File "/var/lib/juju/agents/unit-nginx-ingress-integrator-0/charm/venv/ops/main.py", line 143, in _emit_charm_event
    event_to_emit.emit(*args, **kwargs)
  File "/var/lib/juju/agents/unit-nginx-ingress-integrator-0/charm/venv/ops/framework.py", line 350, in emit
    framework._emit(event)
  File "/var/lib/juju/agents/unit-nginx-ingress-integrator-0/charm/venv/ops/framework.py", line 849, in _emit
    self._reemit(event_path)
  File "/var/lib/juju/agents/unit-nginx-ingress-integrator-0/charm/venv/ops/framework.py", line 939, in _reemit
    custom_handler(event)
  File "/var/lib/juju/agents/unit-nginx-ingress-integrator-0/charm/lib/charms/tls_certificates_interface/v3/tls_certificates.py", line 1971, in _on_secret_expired
    csr = event.secret.get_content()["csr"]
KeyError: 'csr'
unit-nginx-ingress-integrator-0: 11:13:27 ERROR juju.worker.uniter.operation hook "secret-expired" (via hook dispatching script: dispatch) failed: exit status 1

Additional context

No response

gruyaume commented 2 weeks ago

Thank you for reporting this issue @cbartz, we definitely need better upgrade testing here (and in the charm ecosystem in general)