Removes generate-certificate juju action

actions.yaml

@@ -10,15 +10,3 @@ authorise-charm:
       description: Token to use to authorise charm.
   required:
   - token
-generate-certificate:
-  description: Generate a certificate against the Vault PKI.
-  properties:
-    cn:
-      type: string
-      description: >-
-        CN (Common Name) field of the new certificate
-    sans:
-      type: string
-      description: >-
-        Space delimited list of Subject Alternate Name/IP addresse(s).
-      default: ""

src/charm.py

@@ -17,8 +17,6 @@
 from charms.tls_certificates_interface.v1.tls_certificates import (
     CertificateCreationRequestEvent,
     TLSCertificatesProvidesV1,
-    generate_csr,
-    generate_private_key,
 )
 from ops.charm import ActionEvent, CharmBase, ConfigChangedEvent
 from ops.framework import StoredState
@@ -59,9 +57,6 @@ def __init__(self, *args):
         self.framework.observe(self.on.vault_pebble_ready, self._on_config_changed)
         self.framework.observe(self.on.config_changed, self._on_config_changed)
         self.framework.observe(self.on.authorise_charm_action, self._on_authorise_charm_action)
-        self.framework.observe(
-            self.on.generate_certificate_action, self._on_generate_certificate_action
-        )
         self.service_patcher = KubernetesServicePatch(
             charm=self,
             ports=[ServicePort(name="vault", port=8200)],
@@ -209,34 +204,6 @@ def _on_authorise_charm_action(self, event: ActionEvent) -> None:
             self._stored.secret_id = secret_id
             self.unit.status = ActiveStatus()
 
-    def _on_generate_certificate_action(self, event: ActionEvent) -> None:
-        """Generates TLS Certificate.
-
-        Generates a private key, creates a CSR based on user provided parameters and asks
-        Vault for a certificate.
-
-        Args:
-            event: Juju event.
-
-        Returns:
-            None
-        """
-        private_key = generate_private_key()
-        csr = generate_csr(
-            private_key=private_key,
-            subject=event.params["cn"],
-            sans=event.params["sans"],  # type: ignore[arg-type]
-        )
-        certificate = self.vault.issue_certificate(certificate_signing_request=csr.decode())
-        event.set_results(
-            {
-                "private-key": private_key.decode(),
-                "certificate": certificate["certificate"],
-                "ca-chain": certificate["ca_chain"],
-                "issuing-ca": certificate["issuing_ca"],
-            }
-        )
-
 
 if __name__ == "__main__":
     main(VaultCharm)

tests/integration/test_integration.py

@@ -149,28 +149,3 @@ async def test_given_no_config_when_post_deployment_tasks_and_authorise_charm_th
         await ops_test.model.wait_for_idle(  # type: ignore[union-attr]
             apps=[APPLICATION_NAME], status="active", timeout=1000
         )
-
-    @pytest.mark.abort_on_fail
-    async def test_given_status_is_active_when_run_issue_certificate_action_then_certificates_are_issued(  # noqa: E501
-        self, ops_test: OpsTest, build_and_deploy
-    ):
-        """This test runs the "generate-certificate" Juju action.
-
-        Args:
-            ops_test: Ops test Framework.
-            build_and_deploy: Pytest fixture.
-        """
-        vault_unit = ops_test.model.units["vault-k8s/0"]  # type: ignore[union-attr]
-
-        action = await vault_unit.run_action(
-            action_name="generate-certificate", cn="whatever", sans=""
-        )
-
-        action_output = await ops_test.model.get_action_output(  # type: ignore[union-attr]
-            action_uuid=action.entity_id, wait=60
-        )
-        assert action_output["return-code"] == 0
-        assert "ca-chain" in action_output and action_output["ca-chain"] is not None
-        assert "issuing-ca" in action_output and action_output["issuing-ca"] is not None
-        assert "certificate" in action_output and action_output["certificate"] is not None
-        assert "private-key" in action_output and action_output["private-key"] is not None

tests/unit/test_charm.py

@@ -175,24 +175,3 @@ def test_given_unit_is_leader_when_on_authorise_charm_action_then_status_is_acti
         self.harness.charm._on_authorise_charm_action(event)
 
         self.assertEqual(self.harness.charm.unit.status, ActiveStatus())
-
-    @patch("vault.Vault.issue_certificate")
-    def test_given_when_on_generate_certificate_action_then(self, patch_issue_certificate):
-        common_name = "whatever common name"
-        certificate = "whatever certificate"
-        ca_chain = "whatever ca chain"
-        issuing_ca = "whatever issuing ca"
-        patch_issue_certificate.return_value = {
-            "certificate": certificate,
-            "ca_chain": ca_chain,
-            "issuing_ca": issuing_ca,
-        }
-        event = Mock()
-        event.params = {"cn": common_name, "sans": ""}
-
-        self.harness.charm._on_generate_certificate_action(event=event)
-
-        args, kwargs = event.set_results.call_args
-        assert args[0]["certificate"] == certificate
-        assert args[0]["ca-chain"] == ca_chain
-        assert args[0]["issuing-ca"] == issuing_ca