More robust hvac.Client post response handling
Pin the version of hvac for a consistent response type. Use the adpater to get response code and json data. Closes Bug: #1871981 Change-Id: Ia8517a75e7bc20f751eca83aaa84728cc62edee6
This commit is contained in:
parent
4e1c539eaf
commit
f6546dda33
@ -17,11 +17,19 @@ import hvac
|
||||
SYSTEM_CA_BUNDLE = '/etc/ssl/certs/ca-certificates.crt'
|
||||
|
||||
|
||||
# TODO: There is a version in charmhelpers.contrib.openstack.vaultlocker
|
||||
# that does everything but the System CA bundle. Update that helper to allow
|
||||
# a CA bundle for verify.
|
||||
def retrieve_secret_id(url, token):
|
||||
client = hvac.Client(url=url, verify=SYSTEM_CA_BUNDLE, token=token)
|
||||
# hvac 0.10.1 changed default adapter to JSONAdapter
|
||||
client = hvac.Client(
|
||||
url=url, token=token,
|
||||
adapter=hvac.adapters.Request,
|
||||
verify=SYSTEM_CA_BUNDLE)
|
||||
# workaround for issue where callng `client.unwrap(token)` results in
|
||||
# "error decrementing wrapping token's use-count: invalid token entry
|
||||
# provided for use count decrementing"
|
||||
response = client._post('/v1/sys/wrapping/unwrap')
|
||||
if response.get("data"):
|
||||
return response['data']['secret_id']
|
||||
if response.status_code == 200:
|
||||
data = response.json()
|
||||
return data['data']['secret_id']
|
||||
|
@ -105,3 +105,4 @@ def plugin_info_barbican_publish():
|
||||
level=ch_core.hookenv.INFO)
|
||||
barbican.publish_plugin_info('vault', vault_data)
|
||||
reactive.clear_flag('endpoint.secrets-storage.changed')
|
||||
barbican_vault_charm.assess_status()
|
||||
|
@ -1 +1,2 @@
|
||||
hvac
|
||||
# Pin hvac for a consistent response type
|
||||
hvac==0.10.1
|
||||
|
@ -4,7 +4,7 @@
|
||||
# https://github.com/openstack-charmers/release-tools
|
||||
#
|
||||
# Lint and unit test requirements
|
||||
flake8>=2.2.4,<=2.4.1
|
||||
flake8>=2.2.4
|
||||
stestr>=2.2.0
|
||||
requests>=2.18.4
|
||||
charms.reactive
|
||||
|
@ -25,7 +25,9 @@ class TestVaultUtils(test_utils.PatchHelper):
|
||||
self.patch_object(vault_utils, 'hvac')
|
||||
hvac_client = mock.MagicMock()
|
||||
self.hvac.Client.return_value = hvac_client
|
||||
response = {'data': {'secret_id': 'FAKE_SECRET_ID'}}
|
||||
response = mock.MagicMock()
|
||||
response.status_code = 200
|
||||
response.json.return_value = {'data': {'secret_id': 'FAKE_SECRET_ID'}}
|
||||
hvac_client._post.return_value = response
|
||||
self.assertEqual(
|
||||
vault_utils.retrieve_secret_id('url', 'token'), 'FAKE_SECRET_ID')
|
||||
@ -33,4 +35,5 @@ class TestVaultUtils(test_utils.PatchHelper):
|
||||
self.hvac.Client.assert_called_once_with(
|
||||
token='token',
|
||||
url='url',
|
||||
adapter=self.hvac.adapters.Request,
|
||||
verify=vault_utils.SYSTEM_CA_BUNDLE)
|
||||
|
Loading…
Reference in New Issue
Block a user