If VIP is set, wait until ha.available

The charm was sending an individual unit's address even when the VIP configuration value was set. If VIP is set and we have not yet reached the ha.available state, wait on publishing the vault url. Change-Id: I3de05b5e771dc4b7c43996d99ccc4b5d8668737d Closes-Bug: #1878035
2020-05-18 12:04:36 -07:00 · 2020-05-18 12:04:36 -07:00 · 3f94a10cbf
parent 959de0ae3b
commit 3f94a10cbf
3 changed files with 52 additions and 6 deletions
--- a/src/reactive/vault_handlers.py
+++ b/src/reactive/vault_handlers.py
@ -506,17 +506,21 @@ def configure_secrets_backend():
 def send_vault_url_and_ca():
    secrets = endpoint_from_flag('secrets.connected')
    vault_url_external = None
+    hostname = config('hostname')
+    vip = vault.get_vip()
    if is_flag_set('ha.available'):
-        hostname = config('hostname')
        if hostname:
            vault_url = vault.get_api_url(address=hostname)
        else:
-            vip = vault.get_vip()
            vault_url = vault.get_api_url(address=vip)
            ext_vip = vault.get_vip(binding='external')
            if ext_vip and ext_vip != vip:
                vault_url_external = vault.get_api_url(address=ext_vip,
                                                       binding='external')
+    elif vip:
+        log("VIP is set but ha.available is not yet set, skipping "
+            "send_vault_url_and_ca.", level=DEBUG)
+        return
    else:
        vault_url = vault.get_api_url()
        vault_url_external = vault.get_api_url(binding='external')
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -4,7 +4,7 @@
 #     https://github.com/openstack-charmers/release-tools
 #
 # Lint and unit test requirements
-flake8>=2.2.4,<=2.4.1
+flake8>=2.2.4
 stestr>=2.2.0
 requests>=2.18.4
 charms.reactive
--- a/unit_tests/test_reactive_vault_handlers.py
+++ b/unit_tests/test_reactive_vault_handlers.py
@ -607,12 +607,15 @@ class TestHandlers(unit_tests.test_utils.CharmTestCase):
            mock.call('secrets.refresh'),
        ])

+    @mock.patch.object(handlers.vault.hookenv, 'config')
    @mock.patch.object(handlers.vault.hookenv, 'network_get_primary_address')
-    def test_send_vault_url_and_ca(self, mock_network_get_primary_address):
+    def test_send_vault_url_and_ca(
+            self, mock_network_get_primary_address, mock_config):
        _test_config = {
            'ssl-ca': 'test-ca',
        }
        self.config.side_effect = lambda key: _test_config.get(key)
+        mock_config.side_effect = lambda key: _test_config.get(key)
        mock_secrets = mock.MagicMock()

        def fake_network_get(binding=None):
@ -632,12 +635,15 @@ class TestHandlers(unit_tests.test_utils.CharmTestCase):
            vault_ca='test-ca'
        )

+    @mock.patch.object(handlers.vault.hookenv, 'config')
    @mock.patch.object(handlers.vault.hookenv, 'network_get_primary_address')
-    def test_send_vault_url_and_ca_ext(self, mock_network_get_primary_address):
+    def test_send_vault_url_and_ca_ext(
+            self, mock_network_get_primary_address, mock_config):
        _test_config = {
            'ssl-ca': 'test-ca',
        }
        self.config.side_effect = lambda key: _test_config.get(key)
+        mock_config.side_effect = lambda key: _test_config.get(key)
        mock_secrets = mock.MagicMock()

        def fake_network_get(binding=None):
@ -703,12 +709,48 @@ class TestHandlers(unit_tests.test_utils.CharmTestCase):
            vault_ca='test-ca'
        )

-    def test_send_vault_url_and_ca_hostname(self):
+    @mock.patch('charmhelpers.contrib.network.ip.get_netmask_for_address')
+    @mock.patch.object(handlers.vault.hookenv, 'config')
+    @mock.patch.object(handlers.vault.hookenv, 'network_get_primary_address')
+    def test_send_vault_url_and_ca_ha_not_ready(
+            self, mock_network_get_primary_address, mock_config,
+            mock_get_netmask_for_address):
+        _test_config = {
+            'vip': '10.5.100.1 10.6.100.1',
+            'ssl-ca': 'test-ca',
+            'hostname': None
+        }
+        mock_get_netmask_for_address.return_value = 16
+        self.config.side_effect = lambda key: _test_config.get(key)
+        mock_config.side_effect = lambda key: _test_config.get(key)
+
+        mock_secrets = mock.MagicMock()
+
+        def fake_network_get(binding=None):
+            if binding == 'external':
+                return '10.6.0.23'
+
+            return '10.5.0.23'
+
+        mock_network_get_primary_address.side_effect = fake_network_get
+
+        self.endpoint_from_flag.return_value = mock_secrets
+        # ha.available is not yet set
+        self.is_flag_set.return_value = False
+        handlers.send_vault_url_and_ca()
+        self.endpoint_from_flag.assert_called_with('secrets.connected')
+        self.is_flag_set.assert_called_with('ha.available')
+        mock_secrets.publish_url.assert_not_called()
+        mock_secrets.publish_ca.assert_not_called()
+
+    @mock.patch.object(handlers.vault.hookenv, 'config')
+    def test_send_vault_url_and_ca_hostname(self, mock_config):
        _test_config = {
            'ssl-ca': 'test-ca',
            'hostname': 'vault',
        }
        self.config.side_effect = lambda key: _test_config.get(key)
+        mock_config.side_effect = lambda key: _test_config.get(key)

        mock_secrets = mock.MagicMock()