Comment 7 for bug 1915504

This was a bit of a research project. I don't want to keep compounding fixes on fixes. So I would like to put the brakes on stable back-ports until we are all in agreement.

This is continued fallout from the keystone_juju_ca_cert.crt to vault_juju_ca_cert.crt rename which I believe began with [0] for CH and [1] for NCC.

Frode then filed LP Bug#1911902 [2] and a fix in [3]. Now Aurelien is working on Vladamir's LP Bug#1915504 [4] with a refactor out of NCC [5] into charm-helpers [6].

I got involved when requested to review the stable back port [7] and [8]. Which is where I am calling stop the line. Where [5] and [6] might be fine for master, [7] and [8] represents a lot of change for a back-port including a "refactor."

Questions:

NCC will not be the last charm that needs to determine its CA from config or the certificates relation, is [6] a generic enough and robust enough solution? For example, I don't quite understand the ca_cert_absolute_path taking in the basename with out extension.

Rather than back porting a refactor, can we use a simpler fix for stable? A potential 2 line change for stable NCC is [9].

[0] https://github.com/juju/charm-helpers/commit/a3a8ce071fa3d49d7c7d2cadad2a51ddc9ed4efe
[1] https://github.com/openstack/charm-nova-cloud-controller/commit/f4e3c8f21cc5f3241d61547c9dbb9f6ee4969d60
[2] https://bugs.launchpad.net/charm-nova-compute/+bug/1911902
[3] https://review.opendev.org/c/openstack/charm-nova-cloud-controller/+/770938
[4] https://bugs.launchpad.net/charm-nova-cloud-controller/+bug/1915504
[5] https://review.opendev.org/c/openstack/charm-nova-cloud-controller/+/775602
[6] https://github.com/juju/charm-helpers/pull/570
[7] https://review.opendev.org/c/openstack/charm-nova-cloud-controller/+/775900
[8] https://github.com/juju/charm-helpers/pull/571
[9] https://pastebin.ubuntu.com/p/k3fRNNkPmG/