canonical/kafka-operator

`trusted-certificate-relation-broken` hooks fail to run

peterctl opened this issue · 1 comments

peterctl commented

Removing the trusted-certificate relation fails when the operator tries to remove the certificate from KafkaTLS:

unit-kafka-0: 23:18:02 ERROR unit.kafka/0.juju-log trusted-certificate:10: Uncaught exception while in charm code:
Traceback (most recent call last):
  File "/var/lib/juju/agents/unit-kafka-0/charm/./src/charm.py", line 478, in <module>
    main(KafkaCharm)
  File "/var/lib/juju/agents/unit-kafka-0/charm/venv/ops/main.py", line 435, in main
    _emit_charm_event(charm, dispatcher.event_name)
  File "/var/lib/juju/agents/unit-kafka-0/charm/venv/ops/main.py", line 144, in _emit_charm_event
    event_to_emit.emit(*args, **kwargs)
  File "/var/lib/juju/agents/unit-kafka-0/charm/venv/ops/framework.py", line 355, in emit
    framework._emit(event)  # noqa
  File "/var/lib/juju/agents/unit-kafka-0/charm/venv/ops/framework.py", line 824, in _emit
    self._reemit(event_path)
  File "/var/lib/juju/agents/unit-kafka-0/charm/venv/ops/framework.py", line 899, in _reemit
    custom_handler(event)
  File "/var/lib/juju/agents/unit-kafka-0/charm/src/tls.py", line 199, in _trusted_relation_broken
    self.remove_cert(alias=alias, filename=filename)
TypeError: KafkaTLS.remove_cert() got an unexpected keyword argument 'filename'
unit-kafka-0: 23:18:02 ERROR juju.worker.uniter.operation hook "trusted-certificate-relation-broken" (via hook dispatching script: dispatch) failed: exit status 1

Looks like the offending line is this one:

kafka-operator/src/tls.py

Line 199 in 2eb1780

self.remove_cert(alias=alias, filename=filename)

It has the filename argument while the function definition only wants alias:

kafka-operator/src/tls.py

Line 454 in 2eb1780

def remove_cert(self, alias: str) -> None:

I removed the filename argument from that call and then re-ran the failed hook via juju resolve kafka/0, and it was able to complete successfully.

unit-kafka-0: 23:22:15 INFO juju.worker.uniter awaiting error resolution for "relation-broken" hook
unit-kafka-0: 23:22:17 WARNING unit.kafka/0.juju-log trusted-certificate:10: keytool error: java.lang.Exception: Alias <tls-certificates-operator-10> does not exist
java.lang.Exception: Alias <tls-certificates-operator-10> does not exist
        at java.base/sun.security.tools.keytool.Main.doDeleteEntry(Main.java:1677)
        at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:1164)
        at java.base/sun.security.tools.keytool.Main.run(Main.java:423)
        at java.base/sun.security.tools.keytool.Main.main(Main.java:416)

unit-kafka-0: 23:22:17 INFO juju.worker.uniter.operation ran "trusted-certificate-relation-broken" hook (via hook dispatching script: dispatch)

The call now echoes a warning for the non-existent alias. I didn't dig into the issue enough to figure out why.

marcoppenheimer commented

Thanks for raising it!

I expect it'll be addressed with the merging of #83