TLS certificates workflow
René Radoi edited this page Aug 22, 2024 · 4 revisions
```mermaid
sequenceDiagram
    opensearch_tls.py->>opensearch_tls.py: _request_certificate()
    opensearch_tls.py->>opensearch_tls.py: generate_csr()
    opensearch_tls.py->>opensearch_tls.py: secrets.put_object("CertType")
    opensearch_tls.py->>TLSCertificatesRequiresV3: request certificate creation (csr)
    TLSCertificatesRequiresV3->>TLSCertificatesRequiresV3: add requirer csr to relation data (relation="certificates")
    self-signed-certificates-operator->>self-signed-certificates-operator: _on_relation_changed()
    self-signed-certificates-operator->>TLSCertificatesProvidesV4: get outstanding certificate requests
    TLSCertificatesProvidesV4->>self-signed-certificates-operator: generate self signed certificate (validity=self._config_certificate_validity)
    self-signed-certificates-operator->>TLSCertificatesProvidesV4: set relation certificate
    TLSCertificatesRequiresV3->>TLSCertificatesRequiresV3: _on_relation_changed()
    TLSCertificatesRequiresV3->>TLSCertificatesRequiresV3: get provider certificates
    TLSCertificatesRequiresV3->>TLSCertificatesRequiresV3: ProviderCertificate(..., expiry_notification_time = calculate_expiry_notification_time)
    loop calculate expiry notification time
        TLSCertificatesRequiresV3->>TLSCertificatesRequiresV3: provider_recommendation_time_delta or requirer_recommendation_time_delta
    end
    TLSCertificatesRequiresV3->>TLSCertificatesRequiresV3: add/update secret(label=f"{LIBID}-{csr_in_sha256_hex}", expire=self._get_next_secret_expiry_time)
    TLSCertificatesRequiresV3->>TLSCertificatesRequiresV3: on.certificate_available.emit()
    opensearch_tls.py->>opensearch_tls.py: on_certificate_available()
    opensearch_tls.py->>opensearch_tls.py: secrets.put_object("CertType", event.chain, event.certificate, event.ca)
```
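
The "calculate expiry notification time" step of the diagram, as an added sketch that is not code from the charm or from the TLS certificates library. It assumes both recommendations are expressed in hours before expiry, that the provider's value is tried before the requirer's, and that one third of the validity period is used when neither falls inside the validity window; the function and parameter names are hypothetical.

```python
from datetime import datetime, timedelta, timezone
from typing import Optional


def pick_expiry_notification_time(
    not_before: datetime,
    not_after: datetime,
    provider_hours: Optional[int],
    requirer_hours: Optional[int],
) -> datetime:
    """Return the moment at which the requirer should be warned about expiry.

    A recommendation is only accepted if it lands after the certificate's
    start of validity. Otherwise a short-lived certificate would be flagged
    as expiring the moment it is issued, and renewal would loop.
    """
    if not_after <= not_before:
        raise ValueError("certificate validity window is empty")

    # Assumed order: provider recommendation first, requirer second.
    for hours in (provider_hours, requirer_hours):
        if hours is None:
            continue
        candidate = not_after - timedelta(hours=abs(hours))
        if not_before < candidate:
            return candidate

    # Assumed fallback: notify when one third of the validity remains.
    return not_after - (not_after - not_before) / 3


if __name__ == "__main__":
    # Constructed validity windows, not values taken from a real deployment.
    issued = datetime(2024, 8, 22, tzinfo=timezone.utc)
    cases = [
        ("1 year, provider says 168h", timedelta(days=365), 168, 24),
        ("24h cert, provider 168h too early", timedelta(hours=24), 168, 12),
        ("3h cert, both too early", timedelta(hours=3), 168, 12),
    ]
    for name, validity, provider, requirer in cases:
        when = pick_expiry_notification_time(
            issued, issued + validity, provider, requirer
        )
        print(f"{name}: notify at {when.isoformat()}")
```

The value chosen here is what would drive the secret's `expire` time in the diagram, so a notification time that falls before issuance or after expiry means renewal either fires immediately or never.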