ebb0334905
To use the tls-certificates interface clients relate to the vault charm. If the charms CA is not ready yet the charm will not update the relation data. To prepare the CA an operator needs to run the get_csr action to retrieve the csr for the intermediate ca the charm has prepared. The operator should sign the csr with the root CA and then upload the root CA cert and signed csr to the vault charm via the upload-signed-csr action. Running this action will trigger the vault charm to process any outstanding certificate requests and to update the relation data accordingly. The update includes: * New action get_csr to retrieve a csr for the intermediate ca for the charm pki * New action upload-signed-csr to upload a signed intermediate csr * Charm now provides tls-certificates interface * Update vault access acl to allow charm full access to charm-pki-*. Currently the only pki mount point the charm uses is charm-pki-local * Various generic helpers to lib.charm.vault * New module lib.charm.vault_pki which handles interactions between the charm and the vault pki api * Add handler to reactive.vault_handlers for reacting to certificate requests Depends-On: I6222e5eb9c8a0a5f079ecc2e5e5c97abc1c39515 Change-Id: I1681b9f2defcfbf7c06ede83c88c507dcf92a7ce
55 lines
1.6 KiB
Python
55 lines
1.6 KiB
Python
import mock
|
|
import unittest
|
|
|
|
|
|
class CharmTestCase(unittest.TestCase):
|
|
|
|
def setUp(self):
|
|
self._patches = {}
|
|
self._patches_start = {}
|
|
|
|
def tearDown(self):
|
|
for k, v in self._patches.items():
|
|
v.stop()
|
|
setattr(self, k, None)
|
|
self._patches = None
|
|
self._patches_start = None
|
|
|
|
def _patch(self, method):
|
|
_m = unittest.mock.patch.object(self.obj, method)
|
|
mock = _m.start()
|
|
self.addCleanup(_m.stop)
|
|
return mock
|
|
|
|
def patch_all(self):
|
|
for method in self.patches:
|
|
setattr(self, method, self._patch(method))
|
|
|
|
def patch_object(self, obj, attr, return_value=None, name=None, new=None,
|
|
**kwargs):
|
|
if name is None:
|
|
name = attr
|
|
if new is not None:
|
|
mocked = mock.patch.object(obj, attr, new=new, **kwargs)
|
|
else:
|
|
mocked = mock.patch.object(obj, attr, **kwargs)
|
|
self._patches[name] = mocked
|
|
started = mocked.start()
|
|
if new is None:
|
|
started.return_value = return_value
|
|
self._patches_start[name] = started
|
|
setattr(self, name, started)
|
|
|
|
def patch(self, item, return_value=None, name=None, new=None, **kwargs):
|
|
if name is None:
|
|
raise RuntimeError("Must pass 'name' to .patch()")
|
|
if new is not None:
|
|
mocked = mock.patch(item, new=new, **kwargs)
|
|
else:
|
|
mocked = mock.patch(item, **kwargs)
|
|
self._patches[name] = mocked
|
|
started = mocked.start()
|
|
if new is None:
|
|
started.return_value = return_value
|
|
self._patches_start[name] = started
|