`trusted-certificate-relation-broken` hooks fail to run
peterctl opened this issue · 1 comments
peterctl commented
Removing the trusted-certificate
relation fails when the operator tries to remove the certificate from KafkaTLS
:
unit-kafka-0: 23:18:02 ERROR unit.kafka/0.juju-log trusted-certificate:10: Uncaught exception while in charm code:
Traceback (most recent call last):
File "/var/lib/juju/agents/unit-kafka-0/charm/./src/charm.py", line 478, in <module>
main(KafkaCharm)
File "/var/lib/juju/agents/unit-kafka-0/charm/venv/ops/main.py", line 435, in main
_emit_charm_event(charm, dispatcher.event_name)
File "/var/lib/juju/agents/unit-kafka-0/charm/venv/ops/main.py", line 144, in _emit_charm_event
event_to_emit.emit(*args, **kwargs)
File "/var/lib/juju/agents/unit-kafka-0/charm/venv/ops/framework.py", line 355, in emit
framework._emit(event) # noqa
File "/var/lib/juju/agents/unit-kafka-0/charm/venv/ops/framework.py", line 824, in _emit
self._reemit(event_path)
File "/var/lib/juju/agents/unit-kafka-0/charm/venv/ops/framework.py", line 899, in _reemit
custom_handler(event)
File "/var/lib/juju/agents/unit-kafka-0/charm/src/tls.py", line 199, in _trusted_relation_broken
self.remove_cert(alias=alias, filename=filename)
TypeError: KafkaTLS.remove_cert() got an unexpected keyword argument 'filename'
unit-kafka-0: 23:18:02 ERROR juju.worker.uniter.operation hook "trusted-certificate-relation-broken" (via hook dispatching script: dispatch) failed: exit status 1
Looks like the offending line is this one:
Line 199 in 2eb1780
It has the filename
argument while the function definition only wants alias
:
Line 454 in 2eb1780
I removed the filename
argument from that call and then re-ran the failed hook via juju resolve kafka/0
, and it was able to complete successfully.
unit-kafka-0: 23:22:15 INFO juju.worker.uniter awaiting error resolution for "relation-broken" hook
unit-kafka-0: 23:22:17 WARNING unit.kafka/0.juju-log trusted-certificate:10: keytool error: java.lang.Exception: Alias <tls-certificates-operator-10> does not exist
java.lang.Exception: Alias <tls-certificates-operator-10> does not exist
at java.base/sun.security.tools.keytool.Main.doDeleteEntry(Main.java:1677)
at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:1164)
at java.base/sun.security.tools.keytool.Main.run(Main.java:423)
at java.base/sun.security.tools.keytool.Main.main(Main.java:416)
unit-kafka-0: 23:22:17 INFO juju.worker.uniter.operation ran "trusted-certificate-relation-broken" hook (via hook dispatching script: dispatch)
The call now echoes a warning for the non-existent alias. I didn't dig into the issue enough to figure out why.
marcoppenheimer commented
Thanks for raising it!
I expect it'll be addressed with the merging of #83