Fix issue with crontab enablement

The token flush and token rotate crontabs are re-written when the leader unit changes inline with Juju leadership management. Align contexts used to generate crontabs with Juju leadership status, rather than corosync/pacemaker. Correct use of OpenStackCompareReleases to ensure that releases between ocata and queens don't automatically enable fernet token behaviour. Change-Id: I6db8d006ceac7b61e69f547682c5a49d876cfec6 Closes-Bug: 1816807

Fix issue with crontab enablement
The token flush and token rotate crontabs are re-written when the leader unit changes inline with Juju leadership management. Align contexts used to generate crontabs with Juju leadership status, rather than corosync/pacemaker. Correct use of OpenStackCompareReleases to ensure that releases between ocata and queens don't automatically enable fernet token behaviour. Change-Id: I6db8d006ceac7b61e69f547682c5a49d876cfec6 Closes-Bug: 1816807
1a07a7e6 · James Page · 2dca2591 · 1a07a7e6 · 1a07a7e6 · 1a07a7e6
Commit 1a07a7e6 authored 6 years ago by James Page
--- a/.pydevproject
+++ b/.pydevproject
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <?eclipse-pydev version="1.0"?><pydev_project>
-<pydev_property name="org.python.pydev.PYTHON_PROJECT_VERSION">python 2.7</pydev_property>
-<pydev_property name="org.python.pydev.PYTHON_PROJECT_INTERPRETER">Default</pydev_property>
+    <pydev_property name="org.python.pydev.PYTHON_PROJECT_VERSION">python 2.7</pydev_property>
-<pydev_pathproperty name="org.python.pydev.PROJECT_SOURCE_PATH">
-<path>/keystone/hooks</path>
+    <pydev_property name="org.python.pydev.PYTHON_PROJECT_INTERPRETER">Default</pydev_property>
-<path>/keystone/unit_tests</path>
-</pydev_pathproperty>
+    <pydev_pathproperty name="org.python.pydev.PROJECT_SOURCE_PATH">
+        <path>/keystone/hooks</path>
+        <path>/keystone/unit_tests</path>
+        <path>/${PROJECT_DIR_NAME}</path>
+    </pydev_pathproperty>
 </pydev_project>
--- a/hooks/keystone_context.py
+++ b/hooks/keystone_context.py
@@ -18,10 +18,8 @@ import json
 from charmhelpers.contrib.openstack import context
 from charmhelpers.contrib.hahelpers.cluster import (
-    DC_RESOURCE_NAME,
    determine_apache_port,
    determine_api_port,
-    is_elected_leader,
    https,
 )
@@ -30,6 +28,7 @@ from charmhelpers.core.hookenv import (
    config,
    log,
    leader_get,
+    is_leader,
    local_unit,
    related_units,
    relation_ids,
@@ -270,8 +269,7 @@ class TokenFlushContext(context.OSContextGenerator):
    def __call__(self):
        ctxt = {
-            'token_flush': (not fernet_enabled() and
+            'token_flush': (not fernet_enabled() and is_leader())
-                            is_elected_leader(DC_RESOURCE_NAME))
        }
        return ctxt
@@ -281,8 +279,7 @@ class FernetCronContext(context.OSContextGenerator):
    def __call__(self):
        token_expiration = int(config('token-expiration'))
        ctxt = {
-            'enabled': (fernet_enabled() and
+            'enabled': (fernet_enabled() and is_leader()),
-                        is_elected_leader(DC_RESOURCE_NAME)),
            'unit_name': local_unit(),
            'charm_dir': charm_dir(),
            'minute': ('*/5' if token_expiration > 300 else '*')
@@ -299,7 +296,7 @@ def fernet_enabled():
    cmp_release = CompareOpenStackReleases(os_release('keystone'))
    if cmp_release < 'ocata':
        return False
-    elif 'ocata' >= cmp_release < 'rocky':
+    elif cmp_release >= 'ocata' and cmp_release < 'rocky':
        return config('token-provider') == 'fernet'
    else:
        return True

--- a/unit_tests/test_keystone_contexts.py
+++ b/unit_tests/test_keystone_contexts.py
@@ -164,17 +164,17 @@ class TestKeystoneContexts(CharmTestCase):
                          'log_file': '/var/log/keystone/keystone.log'},
                         ctxt())
-    @patch.object(context, 'is_elected_leader')
+    @patch.object(context, 'is_leader')
    @patch.object(context, 'fernet_enabled')
    def test_token_flush_context(
-            self, mock_fernet_enabled, mock_is_elected_leader):
+            self, mock_fernet_enabled, mock_is_leader):
        ctxt = context.TokenFlushContext()
        mock_fernet_enabled.return_value = False
-        mock_is_elected_leader.return_value = False
+        mock_is_leader.return_value = False
        self.assertEqual({'token_flush': False}, ctxt())
-        mock_is_elected_leader.return_value = True
+        mock_is_leader.return_value = True
        self.assertEqual({'token_flush': True}, ctxt())
        mock_fernet_enabled.return_value = True
@@ -182,10 +182,10 @@ class TestKeystoneContexts(CharmTestCase):
    @patch.object(context, 'charm_dir')
    @patch.object(context, 'local_unit')
-    @patch.object(context, 'is_elected_leader')
+    @patch.object(context, 'is_leader')
    @patch.object(context, 'fernet_enabled')
    def test_fernet_cron_context(
-            self, mock_fernet_enabled, mock_is_elected_leader, mock_local_unit,
+            self, mock_fernet_enabled, mock_is_leader, mock_local_unit,
            mock_charm_dir):
        ctxt = context.FernetCronContext()
@@ -200,10 +200,10 @@ class TestKeystoneContexts(CharmTestCase):
        }
        mock_fernet_enabled.return_value = False
-        mock_is_elected_leader.return_value = False
+        mock_is_leader.return_value = False
        self.assertEqual(expected, ctxt())
-        mock_is_elected_leader.return_value = True
+        mock_is_leader.return_value = True
        self.assertEqual(expected, ctxt())
        mock_fernet_enabled.return_value = True