From 10d4c082138054d963de89e5b4124cc975eb869a Mon Sep 17 00:00:00 2001
From: Alex Kavanagh <alex.kavanagh@canonical.com>
Date: Tue, 15 Aug 2023 22:22:12 +0100
Subject: [PATCH] [2023.1] Ensure get_requests_for_local_unit doesn't fail on
 incomplete relation

This is a rebuild/make sync for charms to pickup the fix in charmhelpers to fix
any inadvertant accesses of ['ca'] in the relation data before it is available
from vault in the certificates relation.  Fix in charmhelpers is in [1].

[1] https://github.com/juju/charm-helpers/pull/825
Closes-Bug: #2028683

Func-Test-Pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/1152
Change-Id: Ifbfd7571de866bb4e89a84bef966ae62e8b42410
---
 charmhelpers/contrib/openstack/cert_utils.py  | 33 ++++++++++++-------
 .../openstack/templates/section-service-user  |  4 +--
 2 files changed, 23 insertions(+), 14 deletions(-)

diff --git a/charmhelpers/contrib/openstack/cert_utils.py b/charmhelpers/contrib/openstack/cert_utils.py
index a25ca99..6620f59 100644
--- a/charmhelpers/contrib/openstack/cert_utils.py
+++ b/charmhelpers/contrib/openstack/cert_utils.py
@@ -414,18 +414,27 @@ def get_requests_for_local_unit(relation_name=None):
         is_legacy_request = set(sent).intersection(legacy_keys)
         for unit in related_units(rid):
             data = relation_get(rid=rid, unit=unit)
-            if data.get(raw_certs_key):
-                bundles.append({
-                    'ca': data['ca'],
-                    'chain': data.get('chain'),
-                    'certs': json.loads(data[raw_certs_key])})
-            elif is_legacy_request:
-                bundles.append({
-                    'ca': data['ca'],
-                    'chain': data.get('chain'),
-                    'certs': {sent['common_name']:
-                              {'cert': data.get(local_name + '.server.cert'),
-                               'key': data.get(local_name + '.server.key')}}})
+            # Note: Bug#2028683 - data may not be available if the certificates
+            # relation hasn't been populated by the providing charm. If no 'ca'
+            # in the data then don't attempt the bundle at all.
+            if data.get('ca'):
+                if data.get(raw_certs_key):
+                    bundles.append({
+                        'ca': data['ca'],
+                        'chain': data.get('chain'),
+                        'certs': json.loads(data[raw_certs_key])
+                    })
+                elif is_legacy_request:
+                    bundles.append({
+                        'ca': data['ca'],
+                        'chain': data.get('chain'),
+                        'certs': {
+                            sent['common_name']: {
+                                'cert': data.get(local_name + '.server.cert'),
+                                'key': data.get(local_name + '.server.key')
+                            }
+                        }
+                    })
 
     return bundles
 
diff --git a/charmhelpers/contrib/openstack/templates/section-service-user b/charmhelpers/contrib/openstack/templates/section-service-user
index c740cc2..ff45408 100644
--- a/charmhelpers/contrib/openstack/templates/section-service-user
+++ b/charmhelpers/contrib/openstack/templates/section-service-user
@@ -3,8 +3,8 @@
 send_service_user_token = true
 auth_type = password
 auth_url = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}
-project_domain_id = default
-user_domain_id = default
+project_domain_name = service_domain
+user_domain_name = service_domain
 project_name = {{ admin_tenant_name }}
 username = {{ admin_user }}
 password = {{ admin_password }}