Report 'Missing CA' if certs relation exist but CA not configured
If vault/leader has a certificate relationship with other apps but the root CA is either not configured or has been cleared by the action 'disable-pki', the status should be set to 'Blocked, Missing CA'. Also add a unit test for checking the 'missing-CA' status. Closes-Bug: #1940451 Change-Id: I2f0093c0ae6949693f2ad1ea4729b690c932b4b1
parent
fbf6cc5494
commit
5151d01ee2
|
@ -817,6 +817,11 @@ def _assess_status():
|
|||
status_set('blocked', 'Missing CA cert')
|
||||
return
|
||||
|
||||
has_certs_relation = is_flag_set('certificates.available')
|
||||
if is_leader and has_certs_relation and not has_ca:
|
||||
status_set('blocked', 'Missing CA cert')
|
||||
return
|
||||
|
||||
_assess_interface_groups(OPTIONAL_INTERFACES, optional=True,
|
||||
missing_interfaces=_missing_interfaces,
|
||||
incomplete_interfaces=_incomplete_interfaces)
|
||||
|
|
|
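Review bot: The new branch `if is_leader and has_certs_relation and not has_ca:` has no comment explaining why it applies only to the leader, and it repeats the `status_set('blocked', 'Missing CA cert')` / `return` pair of the branch directly above it. A non-leader unit with `certificates.available` set still reports 'active' (the accompanying unit test asserts exactly that), so someone reading a single unit's status can miss that related apps are presumably not being issued certificates. If that is intended, record it in a comment such as `# Only the leader reports this; related apps get no certificates until a root CA is configured.` The condition of the preceding branch lies outside the hunk, so whether the two checks could be merged cannot be judged from here.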
@ -6,6 +6,7 @@
|
|||
pyparsing<3.0.0 # aodhclient is pinned in zaza and needs pyparsing < 3.0.0, but cffi also needs it, so pin here.
|
||||
cffi==1.14.6; python_version < '3.6' # cffi 1.15.0 drops support for py35.
|
||||
|
||||
|
||||
setuptools<50.0.0 # https://github.com/pypa/setuptools/commit/04e3df22df840c6bb244e9b27bc56750c44b7c85
|
||||
|
||||
stestr>=2.2.0
|
||||
|
|
|
@ -483,6 +483,24 @@ class TestHandlers(unit_tests.test_utils.CharmTestCase):
|
|||
handlers._assess_status()
|
||||
self.status_set.assert_called_with('blocked', 'Missing CA cert')
|
||||
|
||||
@patch.object(handlers, 'leader_get')
|
||||
@patch.object(handlers, 'client_approle_authorized')
|
||||
@patch.object(handlers, '_assess_interface_groups')
|
||||
@patch.object(handlers.vault, 'get_vault_health')
|
||||
def test_assess_status_missing_ca_certs_available(
|
||||
self, get_vault_health,
|
||||
_assess_interface_groups,
|
||||
_client_approle_authorized,
|
||||
_leader_get):
|
||||
flags = ['certificates.available']
|
||||
self.is_flag_set.side_effect = lambda f: f in flags
|
||||
get_vault_health.return_value = self._health_response
|
||||
handlers._assess_status()
|
||||
self.status_set.assert_called_with('active', mock.ANY)
|
||||
flags.append('leadership.is_leader')
|
||||
handlers._assess_status()
|
||||
self.status_set.assert_called_with('blocked', 'Missing CA cert')
|
||||
|
||||
def test_assess_interface_groups(self):
|
||||
flags = {
|
||||
'db.master.available': True,
|
||||
|
|
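Review bot: `test_assess_status_missing_ca_certs_available` covers the non-leader case and the leader-without-CA case, but never a leader with `certificates.available` set and a CA present, so a condition that blocks every leader with a certificates relation would still pass. A third phase that makes `has_ca` true and then checks `self.status_set.assert_called_with('active', mock.ANY)` would pin that. How `has_ca` is derived is not visible in this hunk, and the test appears to rely on the patched mocks' defaults leaving it false. Because the older branch in `_assess_status` emits the identical 'Missing CA cert' message, the final assertion also cannot tell which branch fired once `leadership.is_leader` is added; a short comment stating the intended path would help.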