openstack/charm-vault
Code Issues Proposed changes

handler: avoid to tune backend pki when service is pause/sealed

Browse Source 
Change-Id: I0e59655446c3d76ba290d8a9e53c897890b99929
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@canonical.com>
This commit is contained in:
Sahid Orentino Ferdjaoui
2019-11-20 13:25:20 +00:00
parent c982239239
commit b0ba16efd1
2 changed files with 38 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/reactive/vault_handlers.py
View File

@@ -843,7 +843,15 @@ def tune_pki_backend():
@when('config.set.default-ttl') @when('config.set.default-ttl')
@when('config.set.max-ttl') @when('config.set.max-ttl')
def tune_pki_backend_config_changed(): def tune_pki_backend_config_changed():
ttl = config()['default-ttl'] if is_unit_paused_set():
max_ttl = config()['max-ttl'] log("The Vault unit is paused, passing on tunning pki backend.")
vault_pki.tune_pki_backend(ttl=ttl, max_ttl=max_ttl) return
vault_pki.update_roles(max_ttl=max_ttl) # TODO(sahid): Add check when service is not running
client = vault.get_client(url=vault.VAULT_LOCALHOST_URL)
if client.is_sealed():
log("Unable to tune pki backend, service sealed.")
else:
ttl = config()['default-ttl']
max_ttl = config()['max-ttl']
vault_pki.tune_pki_backend(ttl=ttl, max_ttl=max_ttl)
vault_pki.update_roles(max_ttl=max_ttl)

27
unit_tests/test_reactive_vault_handlers.py
View File

@@ -875,8 +875,11 @@ class TestHandlers(unit_tests.test_utils.CharmTestCase):
ttl='8759h') ttl='8759h')
self.set_flag.assert_called_once_with('pki.backend.tuned') self.set_flag.assert_called_once_with('pki.backend.tuned')
@mock.patch.object(handlers, 'vault')
@mock.patch.object(handlers, 'vault_pki') @mock.patch.object(handlers, 'vault_pki')
def test_tune_pki_backend_config_changed(self, vault_pki): def test_tune_pki_backend_config_changed(self, vault_pki, _vault):
self.is_unit_paused_set.return_value = False
self._set_sealed(_vault, False)
self.config.return_value = { self.config.return_value = {
'default-ttl': '8759h', 'default-ttl': '8759h',
'max-ttl': '87600h', 'max-ttl': '87600h',
@@ -887,6 +890,28 @@ class TestHandlers(unit_tests.test_utils.CharmTestCase):
ttl='8759h') ttl='8759h')
vault_pki.update_roles.assert_called_once_with(max_ttl='87600h') vault_pki.update_roles.assert_called_once_with(max_ttl='87600h')
@mock.patch.object(handlers, 'vault')
@mock.patch.object(handlers, 'vault_pki')
def test_tune_pki_backend_config_changed_sealed(self, vault_pki, _vault):
self.is_unit_paused_set.return_value = False
self._set_sealed(_vault, True)
self.config.return_value = {
'default-ttl': '8759h',
'max-ttl': '87600h',
}
handlers.tune_pki_backend_config_changed()
assert not vault_pki.tune_pki_backend.called
assert not vault_pki.update_roles.called
@mock.patch.object(handlers, 'vault_pki')
def test_tune_pki_backend_config_changed_paused(self, vault_pki):
self.is_unit_paused_set.return_value = True
handlers.tune_pki_backend_config_changed()
assert not vault_pki.tune_pki_backend.called
assert not vault_pki.update_roles.called
@mock.patch.object(handlers, 'config') @mock.patch.object(handlers, 'config')
@mock.patch.object(handlers, 'clear_flag') @mock.patch.object(handlers, 'clear_flag')
@mock.patch.object(handlers, 'set_flag') @mock.patch.object(handlers, 'set_flag')